Siemens Industrial Products SNMP Vulnerabilities (Update B) (ICSA-20-042-02) – Products Used in the Water and Wastewater and Energy Sectors

August 11, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

July 14, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

February 13, 2020

CISA has published an advisory on data processing errors and NULL pointer dereference vulnerabilities in Siemens SCALANCE, SIMATIC, and SIPLUS products. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow remote attackers to conduct a denial-of-service attack by sending specially crafted packets to Port 161/UDP (SNMP). Siemens has released updates for several affected products and recommends users update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.