SSA-541017 V1.0: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC Devices


2020-12-08 00:00:00 UTC


Recently security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.

The Siemens products mentioned below are affected by one of these vulnerabilities (CVE-2020-13988).

Siemens has released updates for SENTRON PAC devices, is working on updates for SIRIUS 3RW5 communication module Modbus TCP, and recommends specific countermeasures for vulnerable product versions.