Siemens SIMATIC, SINAMICS (Update A) (ICSA-20-161-05) – Products Used in the Water and Wastewater and Energy Sectors

July 14, 2020

CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.

June 10, 2020

CISA has published an advisory on uncontrolled search path element and heap-based buffer overflow vulnerabilities in Siemens SIMATIC and SINAMICS. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the devices under certain conditions. Siemens has made product updates available; it has also identified specific workarounds and mitigations to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.