Siemens SINUMERIK Controllers (Update A) (ICSA-18-345-02)

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

December 11, 2018

The NCCIC has released an advisory on heap-based buffer overflow, integer overflow or wraparound, protection mechanism failure, permissions, privileges, and access controls, stack-based buffer overflow, and uncaught exception vulnerabilities in Siemens SINUMERIK Controllers. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could cause denial-of-service conditions, privilege escalation, or allow remote code execution. Siemens has released updates for several affected products and is working on updates for the remaining affected products. Siemens recommends updating affected devices as soon as possible. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.