SIEMENS CERT
09/14/2021
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC …
SIEMENS CERT
09/14/2021
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends …
SIEMENS CERT
09/14/2021
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released updates for several affected products and recommends to update to …
SIEMENS CERT
09/14/2021
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. …
SIEMENS CERT
08/19/2021
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.
SIEMENS CERT
08/10/2021
Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the …
SIEMENS CERT
08/10/2021
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
SIEMENS CERT
08/10/2021
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. …