Security News

Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors
2021-06-18 16:39

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities
2021-06-09 11:27

Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The eight new advisories released by Siemens on this Patch Tuesday cover roughly two dozen vulnerabilities affecting its Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization, and SIMATIC RF products.

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely
2021-05-31 04:30

Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "Holy grail." In an advisory issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs
2021-05-28 15:08

Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers made by Siemens. The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.

Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library
2021-05-27 11:13

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi, who has identified many vulnerabilities in industrial systems over the past years.

Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components
2021-05-11 14:48

Siemens' May 2021 Patch Tuesday advisories address roughly 60 vulnerabilities introduced by the use of third-party components. The German industrial giant has released more than a dozen advisories to inform customers about tens of vulnerabilities affecting RUGGEDCOM, SCALANCE, SIMATIC, SINEMA, SINAMICS and other products.

Google Cloud partners with Siemens to implement AI-based solutions across industrial manufacturing
2021-04-19 23:30

Siemens intends to integrate Google Cloud's leading data cloud and artificial intelligence/machine learning technologies with its factory automation solutions to help manufacturers innovate for the future. While AI projects have been deployed by many companies in "Islands" across the plant floor, manufacturers have struggled to implement AI at scale across their global operations.

Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
2021-04-14 10:28

Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day. Siemens on Tuesday published several advisories related to NAME:WRECK: one advisory to describe two out-of-bounds write flaws that can lead to code execution or DoS attacks, another advisory for a DNS cache poisoning issue, one advisory for two DoS vulnerabilities, and two advisories for the same four DoS and DNS cache poisoning flaws.

Siemens PCBflow enables secure collaboration between PCB designers and manufacturers
2021-04-07 02:15

Siemens introduced PCBflow, an innovative cloud-based software solution which bridges the gap between the electronics design and manufacturing ecosystems. PCBflow extends Siemens' Xcelerator portfolio with a secure environment for printed circuit board design teams to interact with a variety of manufacturers, and by rapidly performing a range of design-for-manufacturing analyses in the context of each manufacturers' process capabilities, which helps customers accelerate design-to-production handoff.

Siemens unveils Veloce, a hardware-assisted verification system
2021-03-29 02:00

Siemens unveiled its next-generation Veloce hardware-assisted verification system for the rapid verification of highly sophisticated, next-generation integrated circuit designs. Veloce Strato+, a capacity upgrade to the Veloce Strato hardware emulator.