Bulletins

The latest update for SIMATIC CP 1543-1 contains two fixes for vulnerabilities within its embedded ProFTPD FTP server. The more severe of these vulnerabilities could allow for remote code execution and information disclosure without authentication. Siemens has released updates for SIMATIC CP 1543-1 modules.

A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific …

A potential vulnerability was discovered in the SINAMICS S/G converter family which might allow attackers to access administrative functions on the device without authentication. Siemens addresses the issue by a firmware update.

Two vulnerabilities have been identified in SIEMENS LOGO!8 devices. The Session ID on the integrated webserver of LOGO!8 devices is not invalidated upon logout. The second vulnerability could allow an attacker with network access to port 10005/tcp to cause a Denial-of-Service condition by sending specifically crafted packages to the service. …

The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP. Siemens recommends to update to the newest version.

Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.

Siemens became aware that the discontinued products SIMATIC S7-1200 CPUs prior to version 4 could allow for the circumvention of user program block protection under certain conditions.