• 1
  • 2 (current)
Tuesday, 14.04.2020
Title
SSA-473245 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in Profinet Devices
Published
April 14, 2020, 2 a.m.
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
Title
SSA-629512 (Last Update: 2020-04-14): Local Privilege Escalation Vulnerability in TIA Portal
Published
April 14, 2020, 2 a.m.
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released updates for TIA Portal V15 and V16, and is working on updates for TIA Portal V14. Siemens recommends specific countermeasures as there are currently no ...
Title
SSA-102233 (Last Update: 2020-04-14): SegmentSmack in VxWorks-based Industrial Devices
Published
April 14, 2020, 2 a.m.
Summary
The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is ...
Title
SSA-398519 (Last Update: 2020-04-14): Vulnerabilities in Intel CPUs (November 2019)
Published
April 14, 2020, 2 a.m.
Summary
Intel has published information on vulnerabilities in Intel products in November 2019. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC ...
Title
SSB-382508 (Last Update: 2020-04-14): ActiveX used in Industrial Products
Published
April 14, 2020, 2 a.m.
Summary
Monday, 13.04.2020
Title
SSA-589272 (Last Update: 2020-04-13): Security vulnerability in SIMATIC S7-400 V6 PN CPUs
Published
April 13, 2020, 2 a.m.
Summary
When receiving specially crafted ICMP network packets, SIMATIC S7-400 V6 PN CPU products may go into defect mode. This could allow attackers to perform a Denial-of-Service attack on the CPUs. Siemens has released updates for the affected products.
Title
SSA-617264 (Last Update: 2020-04-13): Multiple Security Vulnerabilities in SIMATIC S7-400 V5 PN CPUs
Published
April 13, 2020, 2 a.m.
Summary
When receiving malformed network data, SIMATIC S7-400 V5 PN CPUs may go into defect mode. This would allow attackers to perform a Denial-of-Service attack on the CPUs. Siemens will not publish a fix for this vulnerability as this product version is discontinued since October 2011 [1]. Version V6 is not ...
Wednesday, 08.04.2020
Title
AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
Published
April 8, 2020, 2 p.m.
Summary
Original release date: April 8, 2020SummaryThis is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the ...
Tuesday, 07.04.2020
Title
Advantech WebAccess/NMS
Published
April 7, 2020, 4:25 p.m.
Summary
This advisory contains mitigations for multiple vulnerabilities in Advantech's WebAccess/NMS network management system.
Title
GE Digital CIMPLICITY
Published
April 7, 2020, 4:20 p.m.
Summary
This advisory contains mitigations for a privilege escalation vulnerability in GE Digital CIMPLICITY HMI/SCADA products.
Title
HMS Networks eWON Flexy and Cosy
Published
April 7, 2020, 4:15 p.m.
Summary
This advisory contains mitigations for a cross-site scripting vulnerability in HMS Networks eWON Flexy and Cosy Industrial VPN routers.
Title
KUKA.Sim Pro
Published
April 7, 2020, 4:05 p.m.
Summary
This advisory contains mitigations for a ### vulnerability in ###, a ###
Title
Synergy Systems & Solutions HUSKY RTU (Update A)
Published
April 7, 2020, 4 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-01 Synergy Systems & Solutions HUSKY RTU that was published February 11, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for improper authentication and improper input validation vulnerabilities in Synergy Systems & Solutions HUSKY RTU, a ...
Thursday, 02.04.2020
Title
B&R Automation Studio
Published
April 2, 2020, 4 p.m.
Summary
This advisory contains mitigations for improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio software.
  • 1
  • 2 (current)

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds