SIEMENS CERT
02/10/2020
The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer …
SIEMENS CERT
02/10/2020
The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker …
SIEMENS CERT
02/10/2020
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
SIEMENS CERT
02/10/2020
The latest updates for the affected products fix the “GHOST” [1] vulnerability identified in glibc library (CVE-2015-0235). Incorrect parsing within the glibc library functions “gethostbyname()” and “gethostbyname2()” could cause a Denial-of-Service of the targeted system. [1] https://nvd.nist.gov/vuln/detail/CVE-2015-0235
SIEMENS CERT
02/10/2020
Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.
SIEMENS CERT
02/10/2020
Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.
SIEMENS CERT
02/10/2020
The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.
SIEMENS CERT
02/10/2020
A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.