Bulletins

SIEMENS CERT
03/12/2019

SSB-439005 (Last Update: 2019-03-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
02/25/2019

SSA-844562 (Last Update: 2019-02-25): Multiple Vulnerabilities in Licensing Software for WinCC OA

Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.
SIEMENS CERT
02/12/2019

SSA-635129 (Last Update: 2019-02-12): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module and SIPROTEC 5 relays

The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes …
SIEMENS CERT
02/12/2019

SSA-505225 (Last Update: 2019-02-12): Spectre Vulnerabilities in SIMATIC Industrial Thin Client V3

SIMATIC Industrial Thin Clients V3 contain a processor which is affected by vulnerabilities known under the name Spectre V1 and Spectre V4. Siemens has released updates for the affected products and recommends to update to the latest version.
SIEMENS CERT
02/12/2019

SSA-760124 (Last Update: 2019-02-12): Multiple Vulnerabilities in Licensing Software for SICAM 230

Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect the SICAM 230 process control system. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.
SIEMENS CERT
02/12/2019

SSA-104088 (Last Update: 2019-02-12): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module and SIPROTEC 5 relays

The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by a security vulnerability which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for some affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until …
SIEMENS CERT
02/12/2019

SSA-275839 (Last Update: 2019-02-12): Denial-of-Service Vulnerability in Industrial Products

Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. Siemens has released updates for several affected products, is working …
SIEMENS CERT
02/12/2019

SSA-845879 (Last Update: 2019-02-12): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle

The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and …