Siemens addressed several DoS flaws in many products

Siemens Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some DoS flaws in many industrial products.

Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities. Siemens published six new advisories that cover a total of 11 vulnerabilities.

One of the issues addressed by Siemens is a high-severity DoS vulnerability (CVE-2019-6575) that affects some the SIMATIC, SINEC-NMS, SINEMA, SINUMERIK and TeleControl products.

The CVE-2019-6575 vulnerability can be exploited by a remote, unauthenticated attacker to cause a DoS condition in OPC communications component or crash a device by sending it specially crafted network packets on TCP port 4840.

“A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.” reads the security advisory published by Siemens.

Siemens also fixed another DoS flaw tracked as CVE-2019-6568 that resides in the web server component used by many CP, SIMATIC, SINAMICS, SITOP and TIM industrial products. An unauthenticated attacker could trigger the vulnerability once obtained the network access.

The company also addressed a high-severity DoS vulnerability (CVE-2017-12741) in SIMOCODE pro V EIP that can be exploited remotely by sending specially crafted packets to the targeted application on UDP port 161.

“SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).” reads the advisory published by the company.

Siemens also published security advisories for flaws in RUGGEDCOM ROX II routers, the SINEMA Remote Connect client and server, and
Spectrum Power product.

The industrial giant confirmed that it is not aware of any malicious exploits targeting these flaws.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Siemens)

[adrotate banner=”5″]

[adrotate banner=”13″]