Bulletins

Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication. Several Siemens Industrial …

IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products are affected by a security vulnerability which could allow an attacker to either exfiltrate limited data from the system or to execute code with operating system user permissions. Siemens has released updates for …

The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.

The latest update for ROX II fixes two vulnerabilities. One vulnerability could allow an attacker with a low-privileged user account to execute arbitrary commands. The other vulnerability could allow an attacker with a low-privileged user account to escalate his privileges. Siemens recommends to update to the new version as soon …

The latest update for SCALANCE W1750D addresses a vulnerability known as ROBOT Attack. The vulnerability could allow an attacker to decrypt TLS traffic. Siemens provides a firmware update and recommends users to update to the new version.