Bulletins

The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and …

The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes …

The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a Denial-of-Service (DoS) condition of the web server of affected products. Siemens has released updates for all product variants and recommends that customers update to the new versions.

There are multiple vulnerabilities in the Intel Management Engine used in multiple SIMATIC IPC devices that may allow arbitrary code execution, a partial denial of service or information disclosure. For additional information see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html. Siemens provides updates for the affected devices.

Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.

Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.