Bulletins | CERT@VDE

…
140
141
142 (current)
143
144
…

October 2018

09.10.2018

SIEMENS CERT

SSA-268644 (Last Update: 2018-10-09): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products

Title

SSA-268644 (Last Update: 2018-10-09): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

Summary

Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

09.10.2018

SIEMENS CERT

SSA-507847 (Last Update: 2018-10-09): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 4

Title

SSA-507847 (Last Update: 2018-10-09): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 4

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf

Summary

The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.

09.10.2018

SIEMENS CERT

SSA-592007 (Last Update: 2018-10-09): Denial-of-Service Vulnerability in Industrial Products

Title

SSA-592007 (Last Update: 2018-10-09): Denial-of-Service Vulnerability in Industrial Products

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf

Summary

Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released ...

09.10.2018

SIEMENS CERT

SSA-179516 (Last Update: 2018-10-09): OpenSSL Vulnerability in Industrial Products

Title

SSA-179516 (Last Update: 2018-10-09): OpenSSL Vulnerability in Industrial Products

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf

Summary

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

09.10.2018

SIEMENS CERT

SSA-979106 (Last Update: 2018-10-09): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal)

Title

SSA-979106 (Last Update: 2018-10-09): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal)

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Summary

The latest updates for SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) fix two vulnerabilities. These two vulnerabilities could either allow an attacker with local file write access to manipulate files and cause a Denial-of-service-condition, or execute code both on the manipulated installation and on devices that are ...

09.10.2018

SIEMENS CERT

SSA-597741 (Last Update: 2018-10-09): Vulnerability in iOS App SIMATIC WinCC OA Operator

Title

SSA-597741 (Last Update: 2018-10-09): Vulnerability in iOS App SIMATIC WinCC OA Operator

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf

Summary

The SIMATIC WinCC OA Operator iOS app is affected by a security vulnerability which could allow an attacker to read unencrypted data from the application’s directory. Precondition for this scenario is that an attacker has physical access to the mobile device.

09.10.2018

SIEMENS CERT

SSA-254686 (Last Update: 2018-10-09): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products

Title

SSA-254686 (Last Update: 2018-10-09): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products

Published

Oct. 9, 2018, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Summary

Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.

Last Updates

By Source

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Feeds