Bulletins

SIEMENS CERT
07/14/2020

SSA-364335 (Last Update: 2020-07-14): Clear Text Transmission Vulnerability on SIMATIC HMI Panels

A clear text transmission vulnerability in SIMATIC HMI panels could allow an attacker to access sensitive information under certain circumstances. Siemens recommends specific countermeasures to mitigate this vulnerability.
SIEMENS CERT
07/14/2020

SSA-671286 (Last Update: 2020-07-14): Multiple Vulnerabilities in SCALANCE Products

The latest updates for the below mentioned products contain fixes for multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions. Siemens has released updates for the affected products and recommends that customers update …
SIEMENS CERT
07/14/2020

SSA-689942 (Last Update: 2020-07-14): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products

Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing …
SIEMENS CERT
07/14/2020

SSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack

The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
07/14/2020

SSA-978220 (Last Update: 2020-07-14): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
07/14/2020

SSB-439005 (Last Update: 2020-07-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
06/09/2020

SSA-462066 (Last Update: 2020-06-09): Vulnerability known as TCP SACK PANIC in Industrial Products

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing …
SIEMENS CERT
06/09/2020

SSA-312271 (Last Update: 2020-06-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications

The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens …