Siemens Multiple Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: INDUSTRIAL EDGE, OpenPCS, RUGGEDCOM, SCALANCE, SIMATIC, SIMOTION, SINAUT, SINEC, SIPLUS, TIA
  • Vulnerability: Loop with Unreachable Exit Condition (‘Infinite Loop’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Industrial Edge – OPC UA Connector: All versions prior to V1.7
  • Siemens RUGGEDCOM ROX MX5000RE: All versions prior to V2.15.1
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0): All versions
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0): All versions
  • Siemens SCALANCE WAM763-1 (6GK5763-1AL00-7DA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 (6GK5766-1GE00-7DA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0): All versions prior to V2.0
  • Siemens SCALANCE WUM763-1 (6GK5763-1AL00-3AA0): All versions prior to V2.0
  • Siemens SCALANCE WUM763-1 (6GK5763-1AL00-3DA0): All versions prior to V2.0
  • Siemens SCALANCE WUM766-1 (6GK5766-1GE00-3DA0): All versions prior to V2.0
  • Siemens RUGGEDCOM ROX RX1400: All versions prior to V2.15.1
  • Siemens SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0): All versions prior to V2.0
  • Siemens

    […]

    This article has been indexed from All CISA Advisories
