Bulletins

Various industrial products use the Discovery Service of the OPC UA protocol stack by the OPC foundation https://github.com/OPCFoundation/UA-.NETStandard and could therefore be affected by the remote resource consumption attacks (CVE-2017-12069).

Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released …

The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a Denial-of-Service (DoS) condition of the web server of affected products. Siemens has released updates for all product variants and recommends that customers update to the new versions.

The firmware variant IEC 61850 of the EN100 Ethernet communication module for SWT 3000 is affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and …

Multiple vulnerabilities have been identified in SIEMENS CP1604 and CP1616 devices. The most severe of these vulnerabilities could allow an attacker to extract internal communication data or cause a Denial-of-Service condition.

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …