SIEMENS CERT
        01/14/2020
      SSA-242353 (Last Update: 2020-01-14): Access Control Vulnerability in SINAMICS PERFECT HARMONY GH180
          A race condition in the restart behaviour of SINAMICS PERFECT HARMONY GH180 could allow an unauthorized attacker with physical access to the affected device to restart the HMI with disabled security controls, which could be used to launch further attacks against the affected device. Siemens recommends customers to apply a …
        
      
    SIEMENS CERT
        01/14/2020
      
          Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. RAPIDPoint® 500 systems operating on Windows …
        
      
    SIEMENS CERT
        01/14/2020
      SIEMENS CERT
        01/14/2020
      
          The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
        
      
    SIEMENS CERT
        01/14/2020
      
          The latest update for SINEMA Server fixes a vulnerability that could allow authenticated users with a low-privileged account to perform firmware updates (as well as other administrative operations) on connected devices. Therefore, Siemens recommends to update the affected products.
        
      
    SIEMENS CERT
        01/14/2020
      
          The latest update for TIA Portal fixes a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released an update for TIA Portal V15, is working on updates for other versions of TIA Portal and recommends specific mitigations for vulnerable versions.
        
      
    SIEMENS CERT
        01/14/2020
      
          Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …
        
      
    SIEMENS CERT
        01/14/2020
      
          A vulnerability in SIMATIC WinAC RTX (F) 2010 controller software could allow an attacker to perform a denial-of-service attack if a large HTTP request is sent to the network port of the host where WinAC RTX is running. Siemens has released SIMATIC WinAC RTX (F) 2010 incl. SP3 Update 1 …