Bulletins

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.

There are multiple vulnerabilities in the Intel Management Engine used in multiple SIMATIC IPC devices that may allow arbitrary code execution, a partial denial of service or information disclosure. For additional information see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html. Siemens provides updates for the affected devices.

The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes …