Siemens

Pierluigi Paganini January 16, 2021
Siemens fixed tens of flaws in Siemens Digital Industries Software products

Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […]

Pierluigi Paganini February 12, 2020
Siemens fixed multiple DoS flaws in several products

Siemens issued Patch Tuesday updates for February 2020 that fixed serious denial-of-service (DoS) flaws in several of its products. Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (DoS) flaws in several of its products. According to the advisories released by the vendor, a high-severity DoS flaw affects Siemens SIMATIC PCS 7, […]

Pierluigi Paganini May 28, 2019
Siemens Healthineers medical products vulnerable to Windows BlueKeep flaw

Several products made by Siemens Healthineers are affected by a recently patched Windows BlueKeep vulnerability (CVE-2019-0708). The BlueKeep issue is a remote code execution vulnerability in Remote Desktop Services (RDS) that it can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests. As explained by […]

Pierluigi Paganini April 12, 2019
Siemens addressed several DoS flaws in many products

Siemens Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some DoS flaws in many industrial products. Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities. Siemens published six new advisories that cover a total of 11 vulnerabilities. One of the issues addressed by Siemens is a […]

Pierluigi Paganini December 17, 2018
Siemens addresses multiple critical flaws in SINUMERIK Controllers

Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues. Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as “critical.” The list of vulnerabilities includes DoS, privilege escalation and code execution flaws. Security experts at Kaspersky Lab discovered that SINUMERIK 808D, 828D and 840D controllers are […]

Pierluigi Paganini July 04, 2018
Siemens warns of several flaws affecting Central Plant Clocks

Siemens disclosed several vulnerabilities in some of its SICLOCK central plant clocks, including ones that have been rated as “critical.” Siemens is warning of the presence of six vulnerabilities in some of its SICLOCK central plant clocks that used to synchronize time in industrial environments. “In the event of failure or loss of reception from the […]

Pierluigi Paganini October 15, 2017
Flaws in Siemens Building Automation Controllers open to hack. Fix them asap

Siemens has released a firmware update that addresses two vulnerabilities in its BACnet Field Panel building automation controllers. This week Siemens has released a firmware update for its BACnet Field Panel building automation products that solved two vulnerabilities, one of which is classified as high severity. The vulnerabilities affect APOGEE PXC and TALON TC BACnet […]

Pierluigi Paganini September 30, 2017
High-severity flaw opens Siemens Industrial Switches to attacks

Siemens has started releasing security patches to fix a high severity access control vulnerability in its industrial switches tracked as CVE-2017-12736. The flaw was discovered by experts at Siemens and could be exploited by remote attackers to hack some of Siemens industrial communications devices. The vulnerability affects SCALANCE X industrial Ethernet switches, and Ruggedcom switches and serial-to-ethernet […]

Pierluigi Paganini November 10, 2016
CVE-2016-7165 Privilege Escalation flaw affects many Siemens solutions

Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]

Pierluigi Paganini December 12, 2014
BlackEnergy exploits recently fixed flaws in Siemens WinCC

The ICS-CERT revealed that the BlackEnergy malware targeted SCADA HMI systems may be exploiting a recently patched flaw in the Siemens SIMATIC WinCC. Security experts at the Industrial Control System Cyber Emergency Response Team (ICS-CERT)  reported that the BlackEnergy malware was used by threat actors in the wild to compromise HMI (human-machine interface) systems. The […]