Bulletins

SIEMENS CERT
02/10/2020

SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family

The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.
SIEMENS CERT
02/10/2020

SSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules

The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker …
SIEMENS CERT
02/10/2020

SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family

A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
SIEMENS CERT
02/10/2020

SSA-994726 (Last Update: 2020-02-10): GHOST Vulnerability in Siemens Industrial Products

The latest updates for the affected products fix the “GHOST” [1] vulnerability identified in glibc library (CVE-2015-0235). Incorrect parsing within the glibc library functions “gethostbyname()” and “gethostbyname2()” could cause a Denial-of-Service of the targeted system. [1] https://nvd.nist.gov/vuln/detail/CVE-2015-0235
SIEMENS CERT
02/10/2020

SSA-234763 (Last Update: 2020-02-10): OpenSSL Vulnerabilities in Siemens Industrial Products

Vulnerabilities in OpenSSL (see https://www.openssl.org/news/secadv_20140605.txt) affect several Siemens industrial products. Siemens has released updates for all affected products.
SIEMENS CERT
02/10/2020

SSA-233109 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC Panels

The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes two web vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated webserver to download arbitrary files. Siemens recommends to update to the newest version.
SIEMENS CERT
01/14/2020

SSA-418979 (Last Update: 2020-01-14): Vulnerabilities in EN100 Ethernet Communication Module

The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
SIEMENS CERT
01/14/2020

SSA-632562 (Last Update: 2020-01-14): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network. The underlying Wind River VxWorks network stack is affected by eleven vulnerabilities known as 'URGENT/11'. Of these, …