SSA-102233 V1.4 (Last Update: 2021-01-12): SegmentSmack in VxWorks-based Industrial Devices

Published

2021-01-12 00:00:00 UTC

Summary

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.

Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.

Source

https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf