Siemens OpenSSL Vulnerability in Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.4
  • ATTENTION: Exploitable remotely
  • Vendor: Siemens
  • Equipment: INDUSTRIAL EDGE, RUGGEDCOM, SCALANCE, SIMATIC, SINEC, SINEMA, SINUMERIK, SIPLUS, TIA
  • Vulnerability: Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Industrial Edge – Machine Insight App: All versions
  • Siemens RUGGEDCOM ROX RX1510: All versions prior to V2.15.0
  • Siemens SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X204-2 (6GK5204-2BB10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2FM (6GK5204-2BB11-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2LD (6GK5204-2BC10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2TS (6GK5204-2BB10-2CA2): All versions prior to V5.2.6
  • Siemens SCALANCE X204IRT (6GK5204-0BA00-2BA3): All versions prior to V5.5.2
  • Siemens RUGGEDCOM ROX RX1511: All versions prior to V2.15.0
  • Siemens SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6): All versions prior to V5.5.2
    […]

    This article has been indexed from All CISA Advisories
