Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities. Siemens published six new advisories that cover a total of 11 vulnerabilities.
One of the issues addressed by Siemens is a high-severity DoS vulnerability (CVE-2019-6575) that affects some the SIMATIC, SINEC-NMS, SINEMA, SINUMERIK and TeleControl products.
The CVE-2019-6575 vulnerability can be exploited by a remote, unauthenticated attacker to cause a DoS condition in OPC communications component or crash a device by sending it specially crafted network packets on TCP port 4840.
“A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.” reads the security advisory published by Siemens.
Siemens also fixed another
The company also addressed a high-severity DoS vulnerability (CVE-2017-12741) in SIMOCODE pro V EIP that can be exploited remotely by sending specially crafted packets to the targeted application on UDP port 161.
“SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).” reads the advisory published by the company.
Siemens also published security advisories for flaws in RUGGEDCOM ROX II routers, the SINEMA Remote Connect client and server, and
Spectrum Power product.
The industrial giant confirmed that it is not aware of any malicious exploits targeting these flaws.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.