Bulletins

Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens …

Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates …

A vulnerability in affected devices could allow an attacker to perform a denial of service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures …

The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …

The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.