SIEMENS CERT
02/11/2020
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
02/11/2020
SIPORT MP version 3.1.4 fixes a vulnerability that allowed to create special accounts ("service users") which could enable an authenticated attacker to perform actions that are invisible to other users of the system. Siemens recommends customers to apply the update. For older versions, a hotfix and a tool are available …
SIEMENS CERT
02/11/2020
OZW672 and OZW772 Web Server versions < 10.00 contain a vulnerability that could allow unauthenticated users to access project files under certain conditions. Siemens has released Version 10.00 that fixes the vulnerability and recommends to update all web servers.
SIEMENS CERT
02/10/2020
Siemens SIMATIC S7-1200 CPUs, version 2 and higher, are capable of running an embedded web server. Web server functionality is disabled by default in the 1200 project configuration. However, if enabled, the web server is susceptible to Cross-Site Scripting (XSS). Siemens provides a firmware update which fixes this XSS vulnerability.
SIEMENS CERT
02/10/2020
Vulnerabilities in OpenSSL (see https://www.openssl.org/news/secadv_20140605.txt) affect several Siemens industrial products. Siemens has released updates for all affected products.
SIEMENS CERT
02/10/2020
A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.
SIEMENS CERT
02/10/2020
Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.