SSA-632562 (Last Update: 2020-01-14): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices

Published

2020-01-14 00:00:00 UTC

Summary

The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.

The underlying Wind River VxWorks network stack is affected by eleven vulnerabilities known as 'URGENT/11'. Of these, two DHCP-related vulnerabilities (CVE-2019-12257 and CVE-2019-12264) do not apply to this advisory as the listed products use a different DHCP stack.

One further vulnerability affects the boot process of the device under certain conditions.

Siemens has released updates and recommends that customers update to the new versions.