SSA-102233 (Last Update: 2020-09-08): SegmentSmack in VxWorks-based Industrial Devices

Published

2020-09-08 00:00:00 UTC

Summary

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.

The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.

Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.

Source

https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf