SIEMENS CERT
12/10/2019
SiNVR V3 contains seven vulnerabilities in the components Video Server and Central Control Server (CCS), involving authentication bypass (CVE-2019-18337, CVE-2019-18339, CVE-2019-18341), information disclosure (CVE-2019-13947, CVE-2019-18340), path traversal (CVE-2019-18338), and privilege escalation (CVE-2019-18342). Siemens recommends specific countermeasures until fixes are available.
SIEMENS CERT
12/10/2019
The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
SIEMENS CERT
12/10/2019
Multiple vulnerabilities have been identified in XHQ Operations Intelligence product line. These vulnerabilities could allow for data injection in XHQ's web interfaces. Siemens recommends to update XHQ Operations Intelligence product line to the newest version.
SIEMENS CERT
12/10/2019
SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if …
SIEMENS CERT
11/12/2019
There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the UART interface during boot process. Siemens is working on a solution and recommends specific countermeasures until the solution is available.
SIEMENS CERT
11/12/2019
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing …
SIEMENS CERT
11/12/2019
Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
SIEMENS CERT
11/12/2019
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …