Bulletins

Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

Vulnerabilities in OpenSSL (see https://www.openssl.org/news/secadv_20140605.txt) affect several Siemens industrial products. Siemens has released updates for all affected products.

A vulnerability was identified in SIMATIC S7-1200 and S7-1500 CPUs that could allow an attacker to cause a denial-of-service condition preventing HMI or engineering access to the PLC over port 102/tcp. Siemens has released an update for the S7-1500 product and recommends that customers update to the new version. Siemens …

The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer …

Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.

The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.