Bulletins

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …

The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens recommends specific countermeasures for products where updates …

SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected …

Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and denial of service issues. Siemens has released updates for the affected products and recommends to update to the latest versions.

Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.