Bulletins

A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO server killing the Node.js process allowing a remote attacker to cause Denial-of-Service condition in the affected products. Siemens has released new versions for several affected …

A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. The vulnerability is related to the hardware of the product. Siemens has released new hardware …

The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. Siemens has released new versions for the affected products and recommends to update to the …

Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.

LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed …

SINEMA Remote Connect Server before V3.2 SP2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.

LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS …