SIEMENS CERT
04/13/2021
Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions. 2021-04-13: Siemens has also added Profibus devices (CP 342-5 / CP 443-5) to this advisory. For these …
SIEMENS CERT
04/13/2021
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
04/13/2021
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch. Siemens has …
SIEMENS CERT
04/13/2021
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and …
SIEMENS CERT
04/13/2021
Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices. Siemens has released updates for the affected products …
SIEMENS CERT
03/09/2021
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing …
SIEMENS CERT
03/09/2021
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates …
SIEMENS CERT
03/09/2021
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …