Bulletins

A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and …

Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is …

The latest update for SIMATIC CP 1543-1 contains two fixes for vulnerabilities within its embedded ProFTPD FTP server. The more severe of these vulnerabilities could allow for remote code execution and information disclosure without authentication. Siemens has released updates for SIMATIC CP 1543-1 modules.

OZW672 and OZW772 Web Server versions < 10.00 contain a vulnerability that could allow unauthenticated users to access project files under certain conditions. Siemens has released Version 10.00 that fixes the vulnerability and recommends to update all web servers.

SIPORT MP version 3.1.4 fixes a vulnerability that allowed to create special accounts ("service users") which could enable an authenticated attacker to perform actions that are invisible to other users of the system. Siemens recommends customers to apply the update. For older versions, a hotfix and a tool are available …

The SIPROTEC 4 and SIPROTEC Compact devices are affected by a security vulnerability which could allow an attacker to conduct a Denial-of-Service attack over the network when equipped with EN100 Ethernet communication modules. Siemens recommends specific countermeasures to mitigate the issue.