Bulletins

SIEMENS CERT
12/08/2020

SSB-439005 V3.0 (Last Update: 2020-12-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
12/08/2020

SSA-462066 V2.1 (Last Update: 2020-12-08): Vulnerability known as TCP SACK PANIC in Industrial Products

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …
SIEMENS CERT
12/08/2020

SSA-480230 V2.1 (Last Update: 2020-12-08): Denial-of-Service in Webserver of Industrial Products

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
12/08/2020

SSA-534763 V1.2 (Last Update: 2020-12-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products

Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
SIEMENS CERT
12/08/2020

SSA-542525 V1.2 (Last Update: 2020-12-08): Authentication Vulnerabilities in SIMATIC HMI Products

SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
12/08/2020

SSA-542701 V1.2 (Last Update: 2020-12-08): Vulnerabilities in SIEMENS LOGO!

Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp. Siemens has released an update for the LOGO! 8 BM (incl. SIPLUS variants) and recommends that customers …
SIEMENS CERT
12/08/2020

SSA-616472 V1.7 (Last Update: 2020-12-08): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products

Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
SIEMENS CERT
12/08/2020

SSA-689942 V1.2 (Last Update: 2020-12-08): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products

Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing …