SSA-623229 (Last Update: 2020-02-10): DROWN Vulnerability in Industrial Products

Published

2020-02-10 00:00:00 UTC

Summary

The disclosed attack called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), also known as CVE-2016-0800, could potentially allow the decryption of SSL/TLS sessions of some Siemens industrial products under certain conditions.

Siemens has released firmware updates and solutions to resolve the vulnerability