1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Products Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-226-02 Siemens OpenSSL Vulnerability in Industrial Products (Update B) that was published…

Kaspersky revealed that the CVE-2018-8589  Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East. Kaspersky Lab experts revealed that the CVE-2018-8589 Windows zero-day vulnerability addressed by Microsoft November 2018 Patch Tuesday has been exploited by an APT group in…

Researchers who devised the original Meltdown and Spectre attacks disclosed seven new variants that leverage on a technique known as transient execution. In January, white hackers from Google Project Zero disclosed the vulnerabilities that potentially impact all major CPUs, including the ones manufactured by AMD, ARM, and Intel. The…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels Vulnerabilities: Path Traversal, Open Redirect 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow download of arbitrary files from the device, or allow URL redirections to untrusted websites. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC IT Production Suite Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports this…

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) Vulnerability: Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition that could result in a loss of availability of the affected device. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S Vulnerability: Cross-site Scripting 2. RISK EVALUATION If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following…

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels and SIMATIC WinCC (TIA Portal) Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform a HTTP…