Security News
Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.
Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The eight new advisories released by Siemens on this Patch Tuesday cover roughly two dozen vulnerabilities affecting its Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization, and SIMATIC RF products.
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." In an advisory issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers made by Siemens. The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.
Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi, who has identified many vulnerabilities in industrial systems over the past years.
Siemens' May 2021 Patch Tuesday advisories address roughly 60 vulnerabilities introduced by the use of third-party components. The German industrial giant has released more than a dozen advisories to inform customers about tens of vulnerabilities affecting RUGGEDCOM, SCALANCE, SIMATIC, SINEMA, SINAMICS and other products.
Siemens intends to integrate Google Cloud's leading data cloud and artificial intelligence/machine learning technologies with its factory automation solutions to help manufacturers innovate for the future. While AI projects have been deployed by many companies in "islands" across the plant floor, manufacturers have struggled to implement AI at scale across their global operations.
Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day. Siemens on Tuesday published several advisories related to NAME:WRECK: one advisory to describe two out-of-bounds write flaws that can lead to code execution or DoS attacks, another advisory for a DNS cache poisoning issue, one advisory for two DoS vulnerabilities, and two advisories for the same four DoS and DNS cache poisoning flaws.
Siemens introduced PCBflow, an innovative cloud-based software solution which bridges the gap between the electronics design and manufacturing ecosystems. PCBflow extends Siemens' Xcelerator portfolio with a secure environment for printed circuit board design teams to interact with a variety of manufacturers. By rapidly performing a range of design-for-manufacturing analyses in the context of each manufacturer's process capabilities, it helps customers accelerate design-to-production handoff.
Siemens unveiled its next-generation Veloce hardware-assisted verification system for the rapid verification of highly sophisticated, next-generation integrated circuit designs. Veloce Strato+, a capacity upgrade to the Veloce Strato hardware emulator.