Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities. Siemens published six new advisories that cover a total of 11 vulnerabilities.
One of the issues addressed by Siemens is a high-severity DoS vulnerability (CVE-2019-6575) that affects some the SIMATIC, SINEC-NMS, SINEMA, SINUMERIK and TeleControl products.
The CVE-2019-6575 vulnerability can be exploited by a remote, unauthenticated attacker to cause a DoS condition in OPC communications component or crash a device by sending it specially crafted network packets on TCP port 4840.
“A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.” reads the security advisory published by Siemens.
Siemens also fixed another DoS flaw tracked as CVE-2019-6568 that resides in the web server component used by many CP, SIMATIC, SINAMICS, SITOP and TIM industrial products. An unauthenticated attacker could trigger the vulnerability once obtained the network access.
The company also addressed a high-severity DoS vulnerability (CVE-2017-12741) in SIMOCODE pro V EIP that can be exploited remotely by sending specially crafted packets to the targeted application on UDP port 161.
“SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).” reads the advisory published by the company.
Siemens also published security advisories for flaws in RUGGEDCOM ROX II routers, the SINEMA Remote Connect client and server, and
Spectrum Power product.
The industrial giant confirmed that it is not aware of any malicious exploits targeting these flaws.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Siemens)
[adrotate banner=”5″]
[adrotate banner=”13″]
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over…
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T…
This website uses cookies.