Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens Industrial Devices Affected by ‘SegmentSmack’ Linux Kernel Flaw

Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company’s industrial products.

Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company’s industrial products.

Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service (DoS) attacks by sending specially crafted packets to the targeted system.

The high-severity vulnerabilities are tracked as CVE-2018-5390 and CVE-2018-5391, and they have been named SegmentSmack and FragmentSmack, respectively. Experts warned when the flaws were disclosed that they could impact products from tens of major vendors.

Siemens released three “SegmentSmack” advisories this week to inform customers that tens of its products are impacted by the vulnerabilities.

In one advisory, Siemens revealed that SegmentSmack and FragmentSmack impact some of its IE/PB-Link devices, RUGGEDCOM routers, ROX-based VPN endpoints and firewalls, SCALANCE routers and firewalls, SIMATIC communication processors, and SINEMA Remote Connect.

Another SegmentSmack-related advisory from Siemens describes a DoS vulnerability in the VxWorks-based Profinet TCP stack. This weakness, tracked as CVE-2019-19301, impacts SIMATIC communication modules, SCALANCE X switches, and SIPLUS devices designed to work in extreme conditions.

Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s 2020 ICS Cyber Security Conference

The last SegmentSmack-related advisory describes a DoS flaw in the Interniche-based TCP stack. This security hole, identified as CVE-2019-19300, affects Siemens’ SIDOOR door management system, various types of SIMATIC devices, SINAMICS converters, and SIPLUS products.

Siemens has released firmware updates for some of the affected devices to address the vulnerabilities, and says it’s working on patches for the remaining impacted products.

In addition, the industrial giant informed customers this week about a high-severity DHCP client flaw affecting its SIMOTICS, Desigo, APOGEE and TALON products; a critical vulnerability in TIM communication modules that can be exploited to gain full control of devices; and two persistent XSS flaws impacting Climatix POL908 and POL909 modules.

Related: Siemens Patches Serious DoS Vulnerabilities in Several Products

Related: Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.