Siemens SINUMERIK (ICSA-20-161-06) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on buffer underflow, heap-based buffer overflow, improper initialization, out-of-bounds read, stack-based buffer overflow, access of memory location after end of buffer, off-by-one error, improper null termination, and improper initialization vulnerabilities in Siemens SINUMERIK products. The vulnerabilities affect numerous versions of SINUMERIK products. Successful exploitation of these vulnerabilities could allow remote code execution, information disclosure, and denial-of-service attacks under certain conditions. Siemens has released updates for the affected products and recommends users update to the latest versions. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.