← Back to home
SIEMENS-SSA-352504  ·  Published 2020-06-09  ·  View on Siemens ProductCERT ↗

SSA-352504 (Last Update: 2020-06-09): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters

CVSS N/A MEDIUM

Risk Summary

<p>Siemens low &amp; high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the &quot;URGENT/11&quot;.</p> <p>The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.</p> <p>Siemens is working on updates for the affected products, and recommends countermeasures until fixes are available.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-352504 (Last Update: 2020-06-09): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more