-2560x1440.jpg?auto=format%2Ccompress&fit=crop&crop=faces%2Cedge&w=2560&h=1440&q=60)
Siemens ProductCERT is a team of security experts managing security issues (receipt, investigation, coordination, reporting) for Siemens products, solutions and services. ProductCERT builds global relationships to enhance product security.
Siemens is aware of the nine malicious NuGet packages reported recently by Socket researchers.
Siemens has investigated these NuGet packages aimed at disrupting industrial operations. The malicious nature of the software seems to be only relevant to yet unknown, non-Siemens software which includes these packages. If this software implements a client to communicates with Siemens PLCs via legacy PUT/GET protocol, the manipulations can randomly close the connection to the device and/or cause silent failures when writing data to the PLC. The integrity of the PLC software is not affected.
Our internal analysis has confirmed that no Siemens products use any of these NuGet packages. Furthermore, these NuGet packages have not compromised any Siemens products.
Siemens will update this Siemens Security News article when new information becomes available.
Siemens ProductCERT investigates all reports of security issues and publishes Security Advisories for validated security vulnerabilities that directly involve Siemens products and require applying an update, performing an upgrade or other customer action. As part of the ongoing effort to help operators manage security risks and help keep systems protected, Siemens ProductCERT discloses the required information necessary for operators to assess the impact of a security vulnerability.
Loading application...
To stay up to date with Siemens security advisories, you can register to our mailing list, subscribe to our RSS feed or ingest our CSAF feed. If you register to our mailing list, we will notify you via email on newly released or updated security advisories.
If you prefer CSAF or RSS to stay up-to-date, subscribe to one of our feeds:
Siemens would like to express its sincere thanks to all individuals ethically reporting security issues in Siemens products, solutions, services or infrastructure.
For Siemens portfolio/infrastructure security questions or to report potential issues, please contact us. We accept English or German emails; encrypted communication is preferred. Expect a response by the next business day in Germany (Munich).
PGP Public Key and Fingerprint: 580D 38DA 2285 55EB 2A39 9A81 18BA BD55 427E CF78
PGP Public Key and Fingerprint: A3D1 8E40 D104 DEAD A112 3FF6 B485 0E2E 1AA2 2CD8