Cybersecurity

Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

CISA has published an advisory on cleartext storage of sensitive information and exposure of information through directory listing vulnerabilities in Siemens Spectrum Power. All versions prior to v4.70 SP8 are affected. Successful exploitation of these vulnerabilities could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory. Siemens has released updates and configuration recommendations for Spectrum Power 4 to mitigate the issues. CISA also recommends a series of measures to mitigate the vulnerabilities.

Read more about Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

Siemens UMC Stack (Update B) (ICSA-20-196-05)

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 11, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

Read more about Siemens UMC Stack (Update B) (ICSA-20-196-05)

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C) (ICSA-20-161-04) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 11, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

Read more about Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C) (ICSA-20-161-04) – Products Used in the Water and Wastewater and Energy Sectors

Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) (ICSA-20-105-05) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

May 12, 2020

CISA has updated this advisory with additional information on the affected products. Read the advisory at CISA.

Read more about Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) (ICSA-20-105-05) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SCALANCE & SIMATIC (Update B) (ICSA-20-105-07)

September 8, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

August 11, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

April 16, 2020

Read more about Siemens SCALANCE & SIMATIC (Update B) (ICSA-20-105-07)

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update E) (ICSA-20-042-06) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

July 14, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

May 12, 2020

Read more about Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update E) (ICSA-20-042-06) – Products Used in the Water and Wastewater and Energy Sectors

Siemens PROFINET Devices (Update H) (ICSA-19-283-02)

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 11, 2020

Read more about Siemens PROFINET Devices (Update H) (ICSA-19-283-02)

DoS and DDoS Attacks against Multiple Sectors

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises it is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide.

Read more about DoS and DDoS Attacks against Multiple Sectors

How are you Managing Transient and Other Portable Devices?

While properly securing devices like laptops and USBs that are not perpetually connected to the network is not a new problem, that endeavor became exponentially more complicated in light of the current pandemic. Prior to the pandemic, some organizations were able to greatly restrict transient devices in their environment; now, not so much.

Read more about How are you Managing Transient and Other Portable Devices?

CISA and OMB Release Guidance on Vulnerability Management for Federal Government Agencies

Yesterday the U.S. Department of Homeland Security Cybersecurity Agency (CISA) and the Office of Management and Budget released three documents providing guidance for how federal government agencies should manage vulnerabilities. The CISA guidance consists of a binding operational directive (BOD) that requires each federal agency to publish a vulnerability disclosure program (VDP) as well as implementation guidance.

Read more about CISA and OMB Release Guidance on Vulnerability Management for Federal Government Agencies

You are here

Cybersecurity

Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

Siemens UMC Stack (Update B) (ICSA-20-196-05)

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C) (ICSA-20-161-04) – Products Used in the Water and Wastewater and Energy Sectors

Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) (ICSA-20-105-05) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SCALANCE & SIMATIC (Update B) (ICSA-20-105-07)

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update E) (ICSA-20-042-06) – Products Used in the Water and Wastewater and Energy Sectors

Siemens PROFINET Devices (Update H) (ICSA-19-283-02)

DoS and DDoS Attacks against Multiple Sectors

How are you Managing Transient and Other Portable Devices?

CISA and OMB Release Guidance on Vulnerability Management for Federal Government Agencies

Pages

You are here

Cybersecurity

Pages

Footer Email Signup