Bulletins

SIEMENS CERT
04/14/2020

SSA-398519 (Last Update: 2020-04-14): Vulnerabilities in Intel CPUs (November 2019)

Intel has published information on vulnerabilities in Intel products in November 2019. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC …
SIEMENS CERT
04/14/2020

SSA-431678 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families

SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected …
SIEMENS CERT
04/14/2020

SSA-462066 (Last Update: 2020-04-14): Vulnerability known as TCP SACK PANIC in Industrial Products

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing …
SIEMENS CERT
04/14/2020

SSA-473245 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in Profinet Devices

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
04/14/2020

SSA-629512 (Last Update: 2020-04-14): Local Privilege Escalation Vulnerability in TIA Portal

The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released updates for TIA Portal V15 and V16, and is working on updates for TIA Portal V14. Siemens recommends specific countermeasures as there are currently no …
SIEMENS CERT
04/14/2020

SSB-382508 (Last Update: 2020-04-14): ActiveX used in Industrial Products

SIEMENS CERT
04/14/2020

SSB-439005 (Last Update: 2020-04-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
04/14/2020

SSA-102233 (Last Update: 2020-04-14): SegmentSmack in VxWorks-based Industrial Devices

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is …