U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Siemens fixed multiple DoS flaws in several products

Siemens issued Patch Tuesday updates for February 2020 that fixed serious denial-of-service (DoS) flaws in several of its products. Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (DoS) flaws in several of its products. According to the advisories released by the vendor, a high-severity DoS flaw affects Siemens SIMATIC PCS 7, […]

siemens logo

Siemens issued Patch Tuesday updates for February 2020 that fixed serious denial-of-service (DoS) flaws in several of its products.

Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (DoS) flaws in several of its products.

According to the advisories released by the vendor, a high-severity DoS flaw affects Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products.

“A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled.” reads the security advisory published by Siemens. “The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).”

The flaw could be exploited if encrypted communication is enabled by sending specially crafted messages to the vulnerable system over the network. An attacker could exploit the issue without system privileges or user interaction. The flaw, tracked with the ID SSA-270778 received a CVSS score of 7.5.

siemens logo

Siemens addressed another DoS vulnerability that affects some SIMATIC S7 CPUs. The vulnerability can be exploited by an unauthenticated attacker by sending specially crafted HTTP requests to TCP ports 80 or 443.

Siemens fixed a DoS flaw that resides in many of its products using Profinet-IO (PNIO) stack versions prior to 06.00.

Siemens fixed two of the flaws in several industrial products, both are related to the handling of SNMP messages.

Siemens also fixed an issue in its S7-1500 CPUs which can be exploited by sending specially crafted UDP packets to a device.

The complete list of DoS vulnerabilities addressed by the IT vendor is reported in the advisories published by the company.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ICS, DoS)

[adrotate banner=”5″]

[adrotate banner=”13″]