← Back to home
SIEMENS-SSA-617233  ·  Published 2023-11-14  ·  View on Siemens ProductCERT ↗

SSA-617233 V1.0: Urgent/11 TCP/IP Stack Vulnerabilities in SIPROTEC 4 7SJ66 Devices

CVSS N/A MEDIUM

Risk Summary

<p>SIPROTEC 4 7SJ66 devices are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by nine of the eleven vulnerabilities that are also known as “URGENT/11”.</p> <p>The vulnerabilities could allow an attacker to execute a variety of exploits for the purpose of denial of service (DoS), data extraction, remote code execution, etc. targeting availability, integrity and confidentiality of the devices and data.</p> <p>Siemens has released a new version for SIPROTEC 4 7SJ66 and recommends to update to the latest version.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-617233 V1.0: Urgent/11 TCP/IP Stack Vulnerabilities in SIPROTEC 4 7SJ66 Devices See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more