Filter
13 October 2020
What it feels like for a turbineThe goal of the article is to raise awareness on security of Distributed Control Systems (DCS), propose a methodology for assessment, and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.
Filter
02 February 2021
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitMSiemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
26 January 2021
A classic that needs updating: fresh vulnerabilities in the software of Siemens SCALANCE X switchesDoS vulnerabilities have been disclosed in the integrated web server of Siemens SCALANCE X-200 / X-200IRT / X-300 switches. Measures proposed by the vendor do not prevent all possible attacks.
17 April 2020
Dozens of Siemens industrial devices are affected by DoS vulnerabilitiesSiemens industrial solutions are affected by SegmentSmack and FragmentSmack vulnerabilities, which could lead to device denial of service
18 December 2019
Multiple vulnerabilities in SPPA-T3000 componentsVulnerabilities have been identified in SPPA-T3000 Application Server and MS3000 Migration Server. Some of the faults are critical and could allow attackers to execute arbitrary code on the server
17 December 2019
Multiple vulnerabilities in Siemens productsVulnerable solutions include SiNVR 3, XHQ Operations Intelligence, RUGGEDCOM ROS, and Siemens EN100
16 July 2019
Dangerous vulnerabilities in Siemens TIA Administrator, SIMATIC WinCC and PCS7Vulnerabilities can lead to a denial-of-service condition and command execution without proper authentication
20 May 2019
Critical vulnerabilities identified by Kaspersky Lab have been corrected in Siemens SIMATIC WinCC and SIMATIC PCS 7Multiple vulnerabilities could lead to arbitrary code and command execution on a target system and a denial-of-service condition
14 December 2018
Critical vulnerabilities in Siemens SINUMERIK controllersExploitation of vulnerabilities in Siemens SINUMERIK controllers cold allow remote code execution, privilege escalation and device denial-of-service conditions
16 November 2018
Web vulnerabilities in Siemens SIMATIC operator panelsThe most serious of the vulnerabilities could allow arbitrary files to be downloaded from the device
16 November 2018
Vulnerabilities in Siemens industrial productsThe most dangerous of the vulnerabilities affect the SIMATIC S7-400 CPU family and the SIMATIC IT Production Suite software package. The vulnerabilities have been fixed for most of the affected products
Filter