Bulletins

SIEMENS CERT
02/12/2019

SSB-439005 (Last Update: 2019-02-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
02/12/2019

SSA-347726 (Last Update: 2019-02-12): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller

Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.
SIEMENS CERT
02/12/2019

SSA-268644 (Last Update: 2019-02-12): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products

Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
SIEMENS CERT
02/12/2019

SSA-168644 (Last Update: 2019-02-12): Spectre and Meltdown Vulnerabilities in Industrial Products

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
SIEMENS CERT
02/12/2019

SSA-179516 (Last Update: 2019-02-12): OpenSSL Vulnerability in Industrial Products

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.
SIEMENS CERT
02/12/2019

SSA-346262 (Last Update: 2019-02-12): Denial-of-Service in Industrial Products

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
02/12/2019

SSA-284673 (Last Update: 2019-02-12): Vulnerability in Industrial Products

Several industrial devices are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates for …
SIEMENS CERT
02/12/2019

SSA-275839 (Last Update: 2019-02-12): Denial-of-Service Vulnerability in Industrial Products

Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. Siemens has released updates for several affected products, is working …