You are here

Home » Cybersecurity

Cybersecurity

Siemens SIMATIC HMI Products (ICSA-20-252-06) – Products Used in the Energy Sector

CISA has published an advisory on improper restriction of excessive authentication attempts and authentication bypass by primary weakness vulnerabilities in Siemens SIMATIC HMI. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not yet available.

Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

CISA has published an advisory on cleartext storage of sensitive information and exposure of information through directory listing vulnerabilities in Siemens Spectrum Power. All versions prior to  v4.70 SP8 are affected. Successful exploitation of these vulnerabilities could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory. Siemens has released updates and configuration recommendations for Spectrum Power 4 to mitigate the issues. CISA also recommends a series of measures to mitigate the vulnerabilities.

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C) (ICSA-20-161-04) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 11, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) (ICSA-20-105-05) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures.  Read the advisory at CISA.

May 12, 2020

CISA has updated this advisory with additional information on the affected products. Read the advisory at CISA.

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update E) (ICSA-20-042-06) – Products Used in the Water and Wastewater and Energy Sectors

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

July 14, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

May 12, 2020

Pages

Subscribe to Cybersecurity