Bulletins

Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is …

Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.

The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes two web vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated webserver to download arbitrary files. Siemens recommends to update to the newest version.

Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.

A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens is preparing updates and recommends specific countermeasures until patches are available.