October 13, 2020

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

September 9, 2020

CISA has published an advisory on an insufficiently protected credentials vulnerability in Siemens SIMATIC S7-300 and S7-400 CPUs. All versions of both products are affected. Successful exploitation of this vulnerability could result in credential disclosure. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.