SSA-270778 (Last Update: 2020-05-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software

Published

2020-05-12 00:00:00 UTC

Summary

A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).

Siemens has released updates for several affected products and recommends that customers update to the latest version(s). Siemens is preparing further updates and recommends specific countermeasures until patches are available.