SSA-102233 (Last Update: 2020-09-08): SegmentSmack in VxWorks-based Industrial Devices
Published
2020-09-08 00:00:00 UTC
Summary
The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.
The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.