SSA-352504 (Last Update: 2020-05-12): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters
Published
2020-05-12 00:00:00 UTC
Summary
Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".
The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.
Siemens is working on updates for the affected products, and recommends countermeasures until fixes are available.