Siemens UMC Stack (Update B) (ICSA-20-196-05)

September 8, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 11, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

July 16, 2020

CISA has published an advisory on unquoted search path or element, uncontrolled resource consumption, and improper input validation vulnerabilities in Siemens UMC Stack. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to cause a partial denial-of-service condition on the UMC component of the affected devices under certain circumstances. This could also allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. Siemens recommends applying updates, where available, as well as implementing specific workarounds and mitigations that can reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.