Bulletins

The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends …

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

The Administration Console of SIMATIC PCS neo leaks Windows admin credentials. An attacker with local Windows access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. Siemens has released a security patch for the affected products and recommends …

Spectrum Power 7 is affected by a vulnerability that could allow an authenticated local attacker to inject arbitrary code to the update script and escalate privileges. Siemens has released an update for Spectrum Power 7 and recommends to update to the latest version.

Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.

Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …

Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.