As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIPROTEC 4 and SIPROTEC 4 Compact
- Vulnerability: Improper Check for Unusual or Exceptional Conditions
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- SIPROTEC 4 6MD61: All versions
- SIPROTEC 4 7SJ62: All versions
- SIPROTEC 4 7SJ63: All versions
- SIPROTEC 4 7SJ64: All versions
- SIPROTEC 4 7SJ66: All versions
- SIPROTEC 4 7SS52: All versions
- SIPROTEC 4 7ST6: All versions
- SIPROTEC 4 7UM61: All versions
- SIPROTEC 4 7UM62: All versions
- SIPROTEC 4 7UT63: All versions
- SIPROTEC 4 7UT612: All versions
- SIPROTEC 4 6MD63: All versions
- SIPROTEC 4 7UT613: All versions
- SIPROTEC 4 7VE6: All versions
- SIPROTEC 4 7VK61: All versions
- SIPROTEC 4 7VU683: All versions
- SIPROTEC 4 Compact 7RW80: All versions
- SIPROTEC 4 Compact 7SD80: All versions
- SIPROTEC 4 Compact 7SJ80: All versions
- SIPROTEC 4 Compact 7SJ81: All versions
- SIPROTEC 4 Compact 7SK80: All versions
- SIPROTEC 4 Compact 7SK81: All versions
- SIPROTEC 4 6MD66: All versions
- SIPROTEC 4 6MD665: All versions
- SIPROTEC 4 7SA6: Versions prior to V4.78
- SIPROTEC 4 7SA522: All versions
- SIPROTEC 4 7SD5: Versions prior to V4.78
- SIPROTEC 4 7SD610: Versions prior to V4.7
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: