SSA-780073 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets

Published

2020-09-08 00:00:00 UTC

Summary

Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.

Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.

Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.