Bulletins

SIEMENS CERT
01/14/2020

SSA-480230 (Last Update: 2020-01-14): Denial-of-Service in Webserver of Industrial Products

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends …
SIEMENS CERT
01/14/2020

SSA-646841 (Last Update: 2020-01-14): Recoverable Password from Configuration Storage in SCALANCE X Switches

A vulnerability exists in several SCALANCE X switches that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration. Siemens has released updates for some of the affected devices and is working on updates …
SIEMENS CERT
01/14/2020

SSA-473245 (Last Update: 2020-01-14): Denial-of-Service Vulnerability in Profinet Devices

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
01/14/2020

SSB-439005 (Last Update: 2020-01-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
01/14/2020

SSA-349422 (Last Update: 2020-01-14): Denial-of-Service in Industrial Real-Time (IRT) Devices

A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
12/10/2019

SSA-232418 (Last Update: 2019-12-10): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families

Two vulnerabilities have been identified in the SIMATIC S7-1200 and S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow …
SIEMENS CERT
12/10/2019

SSA-418979 (Last Update: 2019-12-10): Vulnerabilities in EN100 Ethernet Communication Module

The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
SIEMENS CERT
12/10/2019

SSA-761617 (Last Update: 2019-12-10): Multiple Vulnerabilities in SiNVR Video Management Solution

SiNVR V3 contains seven vulnerabilities in the components Video Server and Central Control Server (CCS), involving authentication bypass (CVE-2019-18337, CVE-2019-18339, CVE-2019-18341), information disclosure (CVE-2019-13947, CVE-2019-18340), path traversal (CVE-2019-18338), and privilege escalation (CVE-2019-18342). Siemens recommends specific countermeasures until fixes are available.