Bulletins

The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code. An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web …

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network. Eleven of these vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by …

The latest update for SIMATIC RF6XXR fixes multiple vulnerabilities related to outdated TLS versions that are still supported by the product. Siemens has released a fixed version for the SIMATIC RF6XXR and recommends updating.

Multiple vulnerabilities have been identified in SIEMENS CP1604 and CP1616 devices. The most severe of these vulnerabilities could allow an attacker to extract internal communication data or cause a Denial-of-Service condition.

Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. RAPIDPoint® 500 systems operating on Windows …

The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and …