11.06.2024

Siemens

SSA-319319

TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.

TIA-Administrator <3.2

Siemens has released a new version for TIA Administrator and recommends to update to the latest version. 

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk.Remove write permissions for non-administrative users on files and folders located under the installation path

05.07.2024

11.06.2024

Siemens

SSA-353002

The SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG group is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386.

SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG group.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

05.07.2024

11.06.2024

Siemens

SSA-711309

Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products

All SEEPEX control featuring the following SIEMENS Software: 

-       SIMATIC S7-12xx

-       SIMATIC S7-15xx

SIMATIC ET 200SP

Currently no fix available/ Update to latest version

05.07.2024

IMPORTANT NOTICE:

Rockwell Automation reiterates the instruction to its customers to disconnect devices from the Internet to protect against cyber threats Due to heightened geopolitical tensions and hostile cyber activity around the world, Rockwell Automation urges all customers to IMMEDIATELY check if their devices are connected to the public Internet and, if so, to urgently remove that connection for devices that are not specifically designed for a public Internet connection.

All SEEPEX controls with Rockwell Automation Hardware

Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity.

30.05.2024

A vulnerability has been discovered in the SIMATIC S7-1500 CPU family and related products that could allow an attacker to trigger a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp.

All SEEPEX controls with the following SIEMENS hardware: 

• SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0)

No solution is currently planned

30.05.2024

Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products

All SEEPEX controls featuring the following SIEMENS Software:

• SIMATIC S7-12xx
• SIMATIC S7-15xx
• SIMATIC     ET 200SP

Currently no fix available / Update to latest version

27.02.2024

Information disclosure to LOCAL attacker to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs

All SEEPEX controls featuring the following SIEMENS hardware:

• SIMATIC S7-12xx
• SIMATIC S7-15xx

Exclusion of local attackers

and/or

firmware update to V19 or later version

14.02.2024

Multiple Vulnerabilities in SIMATIC S7-1500 CPUs of GNU/Linux subsystem

All SEEPEX controls featuring the following SIEMENS hardware:

• SIMATIC S7-15xx

Denial of Service Vulnerability in SIMATIC S7- 1500 CPUs via port 102 tcp

All SEEPEX controls featuring the following SIEMENS hardware:

• SIMATIC S7-15xx

Firmware update to V3.1.0 or later version

14.02.2024

Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products

All SEEPEX controls on SIEMENS PLCs that are connected to a SEEPEX Gateway (e.g. SPG)

Firmware update to V8.1. SP1 or later version

14.02.2024

Multiple Vulnerabilities on SIEMENS SCALANCE Routern

All SEEPEX control cabinets featuring the following SIEMENS hardware:

• SCALANCE XB-200, XC- 200, XP-200, XF-200BA and XR-300WG

Firmware update to V4.5 or later version

14.02.2024

Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families

All SEEPEX controls featuring the following SIEMENS hardware:

• SIMATIC S7-12xx
• SIMATIC S7-15xx
• SIMATIC ET 200SP Open Controller CPU

SIMATIC S7-12xx:

firmware update to V4.5 or later version

 SIMATIC S7-15xx: 

 firmware update to V2.9.2 or later version

14.02.2024