SSA-632562 (Last Update: 2019-08-02): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices

Published

2019-08-02 00:00:00 UTC

Summary

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.

Eleven of these vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by Wind River. One further vulnerability affects the boot process of the device under certain conditions.

Siemens has released updates for all vulnerabilities in some products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.