SIEMENS CERT
09/08/2020
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …
SIEMENS CERT
08/11/2020
SSA-604937 (Last Update: 2020-08-11): Multiple Web Server Vulnerabilities in Opcenter Execution Core
Opcenter Execution Core (formerly known as Camstar Enterprise Platform) contains a Cross-Site-Scripting, an SQL injection and an information disclosure vulnerability. Siemens recommends to update to the latest version of Opcenter Execution Core that fixes two vulnerabilities and recommends specific countermeasures for the remaining vulnerability.
SIEMENS CERT
08/11/2020
The latest update for SICAM A8000 RTUs fixes a vulnerability that could allow attackers with network access to the device’s web server to perform a stored Cross-Site-Scripting attack. Siemens has released an update for SICAM A8000 RTUs and recommends to update as soon as possible.
SIEMENS CERT
08/11/2020
The latest update for Automation License Manager (ALM) fixes a vulnerability that could allow local users to locally escalate privileges and modify files that should be protected against writing. Siemens has released an update for ALM 6 and recommends that customers update to the latest version. Siemens recommends specific countermeasures …
SIEMENS CERT
08/11/2020
An information disclosure vulnerability (CVE-2019-15126, also known as Kr00k) could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/11/2020
The extension module Advanced Reporting for Desigo CC and Desigo CC Compact contains a code injection vulnerability, which could be exploited if the extension module is installed on the server and configured. Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems.
SIEMENS CERT
08/11/2020
The latest update for SCALANCE M-800 / S615 and RUGGEDCOM RM1224 devices fixes a buffer overflow vulnerability in the third party component pppd that could allow an attacker with network access to an affected device to execute custom code on the device. Siemens has released updates for affected devices and …
SIEMENS CERT
08/11/2020
The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is …