Bulletins

SIEMENS CERT
07/14/2020

SSA-671286 (Last Update: 2020-07-14): Multiple Vulnerabilities in SCALANCE Products

The latest updates for the below mentioned products contain fixes for multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions. Siemens has released updates for the affected products and recommends that customers update …
SIEMENS CERT
07/14/2020

SSA-689942 (Last Update: 2020-07-14): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products

Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing …
SIEMENS CERT
07/14/2020

SSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack

The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
07/14/2020

SSA-978220 (Last Update: 2020-07-14): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
07/14/2020

SSB-439005 (Last Update: 2020-07-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
07/14/2020

SSA-686531 (Last Update: 2020-07-14): Hardware based manufacturing access on S7-1200 and S7-200 SMART

There is an access mode used during manufacturing of SIMATIC S7-1200 and S7-200 SMART CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the CPU during boot process. If additional protection from unauthorized use is needed Siemens provides specific countermeasures via an update of the device …
SIEMENS CERT
06/09/2020

SSA-312271 (Last Update: 2020-06-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications

The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens …
SIEMENS CERT
06/09/2020

SSA-689942 (Last Update: 2020-06-09): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products

Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing …