Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (
According to the advisories released by the vendor, a high-severity
“A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled,” reads the security advisory published by Siemens. “The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).”
When encrypted communication is enabled, the flaw can be exploited by sending specially crafted messages to the vulnerable system over the network. An attacker can exploit the issue without system privileges or user interaction. The flaw, tracked with the ID SSA-270778, received a CVSS score of 7.5.
Siemens addressed another
Siemens fixed a
Siemens fixed two of the flaws in several industrial products; both are related to the handling of SNMP messages.
Siemens also fixed an issue in its S7-1500 CPUs that can be exploited by sending specially crafted UDP packets to a device.
The complete list of DoS vulnerabilities addressed by the IT vendor is reported in the advisories p