Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (DoS) flaws in several of its products.
According to the advisories released by the vendor, a high-severity DoS flaw affects Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products.
“A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled.” reads the security advisory published by Siemens. “The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).”
The flaw could be exploited if encrypted communication is enabled by sending specially crafted messages to the vulnerable system over the network. An attacker could exploit the issue without system privileges or user interaction. The flaw, tracked with the ID SSA-270778 received a CVSS score of 7.5.
Siemens addressed another DoS vulnerability that affects some SIMATIC S7 CPUs. The vulnerability can be exploited by an unauthenticated attacker by sending specially crafted HTTP requests to TCP ports 80 or 443.
Siemens fixed a DoS flaw that resides in many of its products using Profinet-IO (PNIO) stack versions prior to 06.00.
Siemens fixed two of the flaws in several industrial products, both are related to the handling of SNMP messages.
Siemens also fixed an issue in its S7-1500 CPUs which can be exploited by sending specially crafted UDP packets to a device.
The complete list of DoS vulnerabilities addressed by the IT vendor is reported in the advisories published by the company.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – ICS, DoS)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.