ATTENTION: Exploitable remotely/low skill level to exploit.
Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC.
Vulnerability: Incorrect Calculation of Buffer Size.

This updated advisory is a follow-up to the advisory update titled 20-042-06 Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update B) that was published April 14, 2020, to the ICS webpage on.

Successful exploitation of this vulnerability could allow an attacker with network access to cause a denial-of-service condition.

The following versions of SIMATIC software are affected:

- SIMATIC Route Control v8.1: all versions
- SIMATIC Route Control v8.2: all versions
- SIMATIC Route Control v9.0: all versions
- SIMATIC WinCC (TIA Portal) v13: all versions prior to v13 SP2
- SIMATIC WinCC (TIA Portal) v14.0.1: all versions
- SIMATIC WinCC (TIA Portal) v15.1: all versions
- SIMATIC WinCC (TIA Portal) v16: all versions
- SIMATIC WinCC v7.5: all versions prior to v7.5.1 Upd1

4.2 VULNERABILITY OVERVIEW

4.2.1 INCORRECT CALCULATION OF BUFFER SIZE CWE-131

Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could compromise the availability of the system by causing a denial-of-service condition.

CVE-2019-19282 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems.

Nicholas Miles from Tenable reported this vulnerability to Siemens.

Siemens has identified the following specific workarounds and mitigations:

- For SIMATIC WinCC (TIA Portal) v13, Siemens recommends affected users update to v13 SP2 or higher.
- For SIMATIC NET PC Software, Siemens recommends affected users update to v16 update 1 or higher.
- Use VPN for protecting network communication between cells.