SSA-841348 (Last Update: 2020-11-10): Multiple Vulnerabilities in the UMC Stack

Published

2020-11-10 00:00:00 UTC

Summary

The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.

Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.