Security Updates

Critical updates from Microsoft, Siemens and other companies will be posted here when they become available. Check back often, as this page will update periodically.

Compromise of U.S. Water Treatment Facility


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding increasing system security breaches. If you have concerns about your system’s security, please contact us at Pigler Automation.

Siemens ProductCERT Updated: 02/10/21

https://www.siemens.com/cert/advisories/

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:
SSA-156833: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS [2]
SSA-362164: Predictable Initial Sequence Numbers in Mentor Nucleus TCP stack [3]
SSA-379803: Vulnerabilities in RUGGEDCOM ROX II [4]
SSA-428051: Privilege Escalation Vulnerability in TIA Administrator [5]
SSA-536315: Privilege escalation vulnerability in DIGSI 4 [6]
SSA-663999: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1 [7]
SSA-686152: Denial-of-Service Vulnerability in ARP Protocol of SCALANCE W780 and W740 [8]
SSA-794542: Insecure Folder Permissions in SIMARIS configuration [9]
SSA-944678: Potential Password Protection Bypass in SIMATIC WinCC [10]

Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches [11] Added update information for SCALANCE X-200IRT switch family
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices [12] Added update information for SCALANCE X-200IRT switch family
SSA-139628: Vulnerabilities in Web Server for Scalance X Products [13] Added update information for SCALANCE X-200IRT switch family
SSA-274900: Use of hardcoded key in Scalance X devices under certain conditions [14] Added update information for SCALANCE X-200IRT switch family
SSA-349422: Denial-of-Service in Industrial Real-Time (IRT) Devices [15] Added additional SIMATIC ET200ecoPN model (6ES7148-6JG00-0BB0) as not affected
SSA-398519: Vulnerabilities in Intel CPUs (November 2019) [16] Updated solution for SIMATIC IPC527G, SIMATIC Field PG M5, and SIMATIC Field PG M6
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [17] Added CVE-2020-1971, CVE-2020-8694, CVE-2020-15437, CVE-2020-25704, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-29369, CVE-2020-29660, CVE-2020-29661, CVE-2020-35448, CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-21120
SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products [18] Updated solution for SPPA S3000 (with fixes for the open CVEs)
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products [19] Added solution for SIMATIC Field PG M5, and SIMATIC Field PG M6
SSA-541017: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices [20] Added additional affected products (SENTRON PAC2200, PAC3200T, 3VA COM100/800, 3VA DSP800) and related fix release information
SSA-622830: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0 [21] Included fix information for CVE-2020-26989, CVE-2020-26990 and CVE-2020-26991, and reference to new advisory SSA-663999
SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches [22] Added solution for SCALANCE X-200IRT switch family
SSA-841348: Multiple Vulnerabilities in the UMC Stack [23] Added solution for SIMOCODE ES V15 and Soft Starter ES V15
SSA-886514: Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules [24] Added solution for POL909 (AWM Module)
SSA-951513: Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families [25] Added solution for SCALANCE X-200IRT switch family
SSA-978220: Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products [26] Added solution for SIMATIC NET CP 1626
 

Siemens ProductCERT Updated: 12/08/20

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:
SSA-415783: Insecure SSL configuration in SICAM A8000 CP-8000, CP-8021 and CP-8022 [2]
SSA-478893: TightVNC Vulnerabilities in Industrial Products [3]
SSA-480824: Multiple Vulnerabilities in LOGO! 8 BM [4]
SSA-541017: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC Devices [5]
SSA-700697: Denial-of-Service Vulnerability in Web Server of SIMATIC Controllers [6]
SSA-712690: Vulnerabilities in XHQ Operations Intelligence [7]

Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-087240: Vulnerabilities in SIEMENS LOGO! [8] Add solution for CVE-2017-12735.
SSA-102144: Code Execution Vulnerability in LOGO! Soft Comfort [9] Added solution
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices [10] Updated information regarding successor products for SIMATIC RF180C and RF182C
SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C [11] Informed about successor products for SIMATIC RF182C and RFID 181EIP
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications [12] Added solution for SIMATIC S7-1500 Software Controller and SINAMICS STARTER
SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products [13] Updated the section ACKNOWLEDGMENTS
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [14] Added an initial set of vulnerabilities for V2.8.4, and the following for V2.6.1 and earlier: CVE-2020-25284, CVE-2020-25668, CVE-2020-25705, CVE-2020-27618, CVE-2020-27777
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products [15] Added solution for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-480230: Denial-of-Service in Webserver of Industrial Products [16] Updated information regarding successor products for SIMATIC RF182C and RFID 181EIP
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products [17] Added solution for SIMATIC IPC427E, SIMATIC IPC477E, and SIMATIC IPC477E PRO
SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products [18] Added patch links for SIMATIC HMI Basic (2nd generation), Comfort (including SIPLUS variants) and Mobile Panels
SSA-542701: Vulnerabilities in SIEMENS LOGO! [19] Add solution for LOGO! 8 BM
SSA-616472: ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products [20] Remove wrong MLFB from SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP and Updates for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-689942: Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products [21] Corrected affected version and patch link for SINAMICS STARTER
SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi Products [22] Added solution for SIMOTICS CONNECT 400
SSA-780073: Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets [23] Added SIMOTION products; Updated information regarding successor products for SIMATIC RF180C and RF182C
SSA-817401: Missing Authentication Vulnerability in SIEMENS LOGO! [24] Added additional mitigation for LOGO! V8.3
SSA-841348: Multiple Vulnerabilities in the UMC Stack [25]