Bulletins

The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.

SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.

A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.

A potential vulnerability was discovered in the web server authentication of SCALANCE X-200 and X-200IRT switches that might allow attackers to perform administrative operations over the network without authentication. This issue only applies to switches using older firmware versions and has been fixed from firmware V4.5.0 (non-IRT) and V5.1.0 (IRT) …

Two cross-site-scripting (XSS) vulnerabilities were found in the web server of several SCALANCE X switches. Siemens recommends updating the firmware to the newest version as soon as possible.

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …