Bulletins

SIEMENS CERT
12/10/2019
The SIPROTEC 5 relays and their corresponding engineering software DIGSI 5 are affected by two security vulnerabilities which could allow an attacker to upload or download files to the device or to conduct a Denial-of-Service attack over the network. Siemens has released updates for some affected products, is working on …
SIEMENS CERT
12/10/2019
A vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families. Siemens has released updates for several affected products, and recommends …
SIEMENS CERT
11/12/2019
There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the UART interface during boot process. Siemens is working on a solution and recommends specific countermeasures until the solution is available.
SIEMENS CERT
11/12/2019
Mentor Nucleus by Mentor, a Siemens Business, is affected by one vulnerability. This vulnerability could allow an attacker to affect the integrity and availability of the device.
SIEMENS CERT
11/12/2019
The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote users to cause a denial of service condition on the PX Web interface (HTTP, port tcp/80) of a device. Devices where PX Web is not enabled are not affected by this vulnerability.
SIEMENS CERT
11/12/2019
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing …
SIEMENS CERT
11/12/2019
Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.