. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Products that include the Siemens PROFINET-IO…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Uncontrolled Resource Consumption (Resource Exhaustion) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform a denial-of-service attack by sending a specially crafted HTTP request to…

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform administrative actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. RISK EVALUATION These vulnerabilities could allow a remote attacker to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful exploitation of the cross-site-scripting attack….

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerability: Resource exhaustion 2. RISK EVALUATION This vulnerability could allow a remote attacker to conduct denial-of-service attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SIMATIC are affected: SIMATIC ET 200SP…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerability: Improper Input Validation 2. RISK EVALUATION This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the vulnerability…

1. EXECUTIVE SUMMARY CVSS v3 2.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Digi International Equipment: ConnectPort LTS 32 MEI Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could limit system availability. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3.1  3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisor update titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices (Update A) that was published…