Bulletins

SIMATIC HMI Panels are affected by a vulnerability that could allow a remote attacker to gain full access to the device(s), if the telnet service is enabled. Siemens has released updates for the affected products and recommends to update to the latest versions.

Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens is preparing updates and recommends countermeasures for …

Solid Edge is affected by multiple vulnerabilities that could allow arbitrary code execution on an affected system. Siemens has released an update for Solid Edge and recommends to update to the latest version.

CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, …

Opcenter Execution Core (formerly known as Camstar Enterprise Platform) contains a cross-site scripting (CVE-2020-7576), an SQL injection (CVE-2020-7577), a privilege escalation (CVE-2020-7578), and an information disclosure vulnerability (CVE-2020-28930) in various versions of the product. Siemens has released an update for Opcenter Execution Core and recommends to update to the latest …

The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released updates for the affected products and recommends to update to the latest version(s).

Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the …