Bulletins

The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and …

A Cross-Site Scripting (XSS) vulnerability was found in the WebSDK component of Spectrum Power™ 3, 4, 5 and 7. A software update is available to address the issue and Siemens recommends installing the patch.

The SIPROTEC 5 relays and their corresponding engineering software DIGSI 5 are affected by two security vulnerabilities which could allow an attacker to upload or download files to the device or to conduct a Denial-of-Service attack over the network. Siemens has released updates for some affected products, is working on …

The latest update for SCALANCE SC-600 fixes multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions. Siemens has released updates for SCALANCE SC-600 devices.

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network. Eleven of these vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by …

The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code. An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web …