Bulletins

Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

The latest update for SIMATIC WinCC OA V3.14 fixes a vulnerability that could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability affects SIMATIC WinCC OA V3.14 and prior. SIMATIC WinCC OA V3.15 and V3.16 are not affected by this …

Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Lazy FP State Restore, Spectre V1.1, and L1 Terminal Fault/Foreshadow. These vulnerabilities affect many modern processors from different vendors to a varying degree. Siemens is analyzing the impact of these vulnerabilities and of the mitigations released on its own …

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

The latest updates for Automation License Manager fix two vulnerabilities. One of them could allow an attacker to execute arbitrary code on the target device, the other one could allow an attacker to abuse the target system for basic network scanning.

The latest updates for SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) fix two vulnerabilities. These two vulnerabilities could either allow an attacker with local file write access to manipulate files and cause a Denial-of-service-condition, or execute code both on the manipulated installation and on devices that are …

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.