SIEMENS CERT
12/08/2020
Recently security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. The Siemens products mentioned below are affected by one of these vulnerabilities (CVE-2020-13988). Siemens has released updates for SENTRON PAC devices, is working on updates for SIRIUS 3RW5 communication …
SIEMENS CERT
12/08/2020
The latest update for LOGO! 8 BM fixes multiple vulnerabilities. The most severe could allow an attacker with network access to gain full control over the device. Siemens has released updates for the affected products and recommends that customers update to the latest version.
SIEMENS CERT
12/08/2020
Some firmware versions of the affected products use outdated and insecure ciphers or can be downgraded to use outdated and insecure ciphers.
SIEMENS CERT
12/08/2020
Multiple TightVNC (V1.x) vulnerabilities in the affected products could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.
SIEMENS CERT
12/08/2020
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens …
SIEMENS CERT
12/08/2020
SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client’s DHCP request. Siemens has released …
SIEMENS CERT
12/08/2020
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is working on software …
SIEMENS CERT
12/08/2020
A vulnerability was identified in LOGO! Soft Comfort. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. Siemens has released an update for the LOGO! Soft Comfort and recommends that customers update to the latest version.