Bulletins

Multiple vulnerabilities have been identified in the XHQ Operations Intelligence product line. These vulnerabilities could allow for data injection in the XHQ’s web interfaces. Siemens recommends to update XHQ Operations Intelligence product line to the newest version.

Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

A missing authentication vulnerability has been identified in SIEMENS LOGO!8 BM devices. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from the devices if the attacker has access to port 135/tcp.

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …

SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens has released updates for the affected products and recommends that customers update to the latest version.

A vulnerability was identified in LOGO! Soft Comfort. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. Siemens has released an update for the LOGO! Soft Comfort and recommends that customers update to the latest version.