SSA-352504 (Last Update: 2020-05-12): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters

Published

2020-05-12 00:00:00 UTC

Summary

Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".

The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.

Siemens is working on updates for the affected products, and recommends countermeasures until fixes are available.

Source

https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf