Bulletins

The latest update for TIA Portal fixes a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released an update for TIA Portal V15, is working on updates for other versions of TIA Portal and recommends specific mitigations for vulnerable versions.

The SIPROTEC 5 relays and their corresponding engineering software DIGSI 5 are affected by two security vulnerabilities which could allow an attacker to upload or download files to the device or to conduct a Denial-of-Service attack over the network. Siemens has released updates for some affected products, is working on …

A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends …

The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The most severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device. Siemens recommends specific countermeasures to mitigate this issue.

The latest firmware updates for the SCALANCE W700 and W1700 wireless device families fix a vulnerability affecting WPA/WPA2 key handling. It might be possible to, by manipulating the EAPOL-Key frames, decrypt the Key Data field without the frame being authenticated. This has impact on WPA/WPA2 architectures using TKIP encryption. The …

SiNVR V3 contains seven vulnerabilities in the components Video Server and Central Control Server (CCS), involving authentication bypass (CVE-2019-18337, CVE-2019-18339, CVE-2019-18341), information disclosure (CVE-2019-13947, CVE-2019-18340), path traversal (CVE-2019-18338), and privilege escalation (CVE-2019-18342). Siemens recommends specific countermeasures until fixes are available.

The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.