Bulletins

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is …

The latest update for TIM 3V-IE family devices and TIM 4R-IE family devices fixes a vulnerability that could allow an unauthenticated attacker with network access to port 17185/udp to gain full control over the device. The devices are only vulnerable if the IP address is configured to 192.168.1.2. Siemens has …

SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in SSA-434032 for the Mentor Nucleus Networking Module. Siemens has released updates for some products and is working on further updates. For the remaining affected products, Siemens recommends …

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has …

When receiving specially crafted ICMP network packets, SIMATIC S7-400 V6 PN CPU products may go into defect mode. This could allow attackers to perform a Denial-of-Service attack on the CPUs. Siemens has released updates for the affected products.

When receiving malformed network data, SIMATIC S7-400 V5 PN CPUs may go into defect mode. This would allow attackers to perform a Denial-of-Service attack on the CPUs. Siemens will not publish a fix for this vulnerability as this product version is discontinued since October 2011 [1]. Version V6 is not …