Bulletins

The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP. Siemens recommends to update to the newest version.

Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.

Siemens became aware that the discontinued products SIMATIC S7-1200 CPUs prior to version 4 could allow for the circumvention of user program block protection under certain conditions.

A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.

The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.

A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific …

A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled. The monitor barrier implementation in several SCALANCE X switches does allow traffic to be directed back into the mirroring network. …