Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company’s industrial products.
Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service (DoS) attacks by sending specially crafted packets to the targeted system.
The high-severity vulnerabilities are tracked as CVE-2018-5390 and CVE-2018-5391, and they have been named SegmentSmack and FragmentSmack, respectively. Experts warned when the flaws were disclosed that they could impact products from tens of major vendors.
Siemens released three “SegmentSmack” advisories this week to inform customers that tens of its products are impacted by the vulnerabilities.
In one advisory, Siemens revealed that SegmentSmack and FragmentSmack impact some of its IE/PB-Link devices, RUGGEDCOM routers, ROX-based VPN endpoints and firewalls, SCALANCE routers and firewalls, SIMATIC communication processors, and SINEMA Remote Connect.
Another SegmentSmack-related advisory from Siemens describes a DoS vulnerability in the VxWorks-based Profinet TCP stack. This weakness, tracked as CVE-2019-19301, impacts SIMATIC communication modules, SCALANCE X switches, and SIPLUS devices designed to work in extreme conditions.
The last SegmentSmack-related advisory describes a DoS flaw in the Interniche-based TCP stack. This security hole, identified as CVE-2019-19300, affects Siemens’ SIDOOR door management system, various types of SIMATIC devices, SINAMICS converters, and SIPLUS products.
Siemens has released firmware updates for some of the affected devices to address the vulnerabilities, and says it’s working on patches for the remaining impacted products.
In addition, the industrial giant informed customers this week about a high-severity DHCP client flaw affecting its SIMOTICS, Desigo, APOGEE and TALON products; a critical vulnerability in TIM communication modules that can be exploited to gain full control of devices; and two persistent XSS flaws impacting Climatix POL908 and POL909 modules.
Related: Siemens Patches Serious DoS Vulnerabilities in Several Products
Related: Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
Latest News
- F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
- Cyber Insights 2023 | Ransomware
