| Product | Affected versions |
|---|---|
| SIMA² Master Station | < V 2.6 |
Improper buffer restrictions in the webserver used in SIMA² Master Station software versions < V 2.6 may allow an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
The webserver component of the automation runtime in use implements insufficient checks when handling file uploads. This can result in a memory violation, which in turn affects the stability of the automation runtime.
An attacker could leverage this vulnerability to potentially cause a denial of service of the device.
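The root cause the advisory describes, an upload handler that applies insufficient checks before writing received data into memory, is the classic missing bounds check. The C snippet below is an added illustration written for this page; it is not AUMA's or B&R's webserver code, and the buffer size, the `upload_ctx` structure and the function names are all assumptions. It shows the hardened form of such a handler: the declared upload length (as it would arrive in a Content-Length header) is validated against the fixed buffer capacity and against the number of bytes actually received before anything is copied, so an oversized or inconsistent request is rejected with an error code instead of corrupting memory and crashing the runtime.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed capacity for the illustration; a real handler would size this
 * from its configuration. Not taken from the affected product. */
#define UPLOAD_BUF_SIZE 256

enum upload_status {
    UPLOAD_OK = 0,
    UPLOAD_ERR_BAD_ARG = 1,
    UPLOAD_ERR_TOO_LARGE = 2,        /* declared length exceeds buffer capacity */
    UPLOAD_ERR_LENGTH_MISMATCH = 3   /* declared length disagrees with bytes received */
};

/* Hypothetical per-request state: a fixed buffer plus the number of valid bytes. */
struct upload_ctx {
    char buf[UPLOAD_BUF_SIZE];
    size_t len;
};

/* Hardened handler. The vulnerable pattern would memcpy `declared_len` bytes
 * straight into ctx->buf; here both checks run before any write happens, so
 * neither a large nor a lying length header can reach past the buffer.
 * On error nothing is written and the request should be answered with 4xx. */
int handle_upload(struct upload_ctx *ctx, const char *body, size_t received,
                  size_t declared_len)
{
    if (ctx == NULL || body == NULL)
        return UPLOAD_ERR_BAD_ARG;
    if (declared_len > sizeof ctx->buf)      /* bounds check against capacity */
        return UPLOAD_ERR_TOO_LARGE;
    if (declared_len != received)            /* header must match the body */
        return UPLOAD_ERR_LENGTH_MISMATCH;
    memcpy(ctx->buf, body, declared_len);
    ctx->len = declared_len;
    return UPLOAD_OK;
}

/* Builds a constructed upload of `received` filler bytes with a given declared
 * length and returns the handler's status code. */
int upload_status_for(size_t declared_len, size_t received)
{
    static char body[UPLOAD_BUF_SIZE * 2]; /* larger than buf so oversized cases can be built */
    struct upload_ctx ctx;
    if (received > sizeof body)
        return UPLOAD_ERR_BAD_ARG;
    memset(body, 'A', sizeof body);
    return handle_upload(&ctx, body, received, declared_len);
}

int main(void)
{
    printf("exact fit:    %d\n", upload_status_for(256, 256)); /* 0 */
    printf("oversized:    %d\n", upload_status_for(512, 512)); /* 2 */
    printf("header lies:  %d\n", upload_status_for(100, 300)); /* 3 */
    return 0;
}
```

The two checks are deliberately separate: the capacity check stops the overflow the advisory describes, and the length-consistency check stops a request whose header and body disagree from being partially processed, which is the other common way an upload parser ends up in an undefined state.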
AUMA recommends the following specific workarounds and mitigations:
In general, AUMA recommends implementing the Product Security Guideline for uses on Cybersecurity for the SIMA² Master Station.
The described vulnerabilities have been fixed in product versions with software version V 2.6 or higher. SIMA² Master Stations with software versions < V 2.6 can be upgraded. AUMA recommends applying the product update at the earliest convenience.
AUMA Riester GmbH & Co. KG thanks CERT@VDE for the support with this publication.