Bulletins

Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens provides updates …

The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes two web vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated webserver to download arbitrary files. Siemens recommends to update to the newest version.

A Cross-Site Scripting (XSS) vulnerability was found in the web server of SCALANCE S firewalls. Siemens provides firmware version V4.0.1.1, which fixes the vulnerability and recommends to update to the newest version.

A vulnerability was identified in SIMATIC S7-1200 and S7-1500 CPUs that could allow an attacker to cause a denial-of-service condition preventing HMI or engineering access to the PLC over port 102/tcp. Siemens has released an update for the S7-1500 product and recommends that customers update to the new version. Siemens …

The latest update for SIMATIC STEP7 (TIA Portal) fixes a vulnerability that could allow an attacker with local access to a project file to reconstruct certain passwords stored in the project. Siemens recommends to update to the new version.

The latest update for SIMATIC IT Production Suite fixes a vulnerability that could allow authorized users with knowledge of a valid user name and physical or network access to the affected system to bypass the application-level authentication.

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.