Bulletins

SIEMENS CERT
02/10/2020

SSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family

SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a …
SIEMENS CERT
02/10/2020

SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs

Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.
SIEMENS CERT
02/10/2020

SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family

The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.
SIEMENS CERT
02/10/2020

SSA-874235 (Last Update: 2020-02-10): Intel Vulnerability in Siemens Industrial Products

SIEMENS CERT
02/10/2020

SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family

A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.
SIEMENS CERT
02/10/2020

SSA-234763 (Last Update: 2020-02-10): OpenSSL Vulnerabilities in Siemens Industrial Products

Vulnerabilities in OpenSSL (see https://www.openssl.org/news/secadv_20140605.txt) affect several Siemens industrial products. Siemens has released updates for all affected products.
SIEMENS CERT
02/10/2020

SSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)

The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.
SIEMENS CERT
02/10/2020

SSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules

The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker …