Bulletins

Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the …

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update …

A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or …

CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, …

Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. The Siemens products mentioned below are affected by one of these vulnerabilities (CVE-2020-13988). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens …

Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, ASM, PCX). If a user is tricked to opening of a malicious file with …