SSA-181018 V1.6 (Last Update: 2020-12-08): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C

Published

2020-12-08 00:00:00 UTC

Summary

SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client’s DHCP request.

Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.