SIEMENS-SSA-632562  ·  Published 2020-01-14

SSA-632562 (Last Update: 2020-01-14): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices

CVSS 8.8 HIGH

Risk Summary

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.

The underlying Wind River VxWorks network stack is affected by eleven vulnerabilities known as 'URGENT/11'. Of these, two DHCP-related vulnerabilities (CVE-2019-12257 and CVE-2019-12264) do not apply to this advisory as the listed products use a different DHCP stack.

One further vulnerability affects the boot process of the device under certain conditions.

Siemens has released updates and recommends that customers update to the new versions.

Remediations

  • Refer to the Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-632562 (Last Update: 2020-01-14): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices
