Siemens Patches Serious DoS Vulnerabilities in Several Products

Siemens’ Patch Tuesday updates for February 2020 address serious denial-of-service (DoS) vulnerabilities in several of the company’s products.

The company has published a dozen new advisories describing vulnerabilities found in its products. Many of the security holes have been classified as high severity based on their CVSS score.

Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled. The vulnerability can be exploited by sending specially crafted messages to the targeted system over the network. The attack does not require system privileges or user interaction.

Some SIMATIC S7 CPUs are affected by a DoS vulnerability that can be exploited by an unauthenticated attacker by sending specially crafted HTTP requests to TCP ports 80 or 443. A successful attack leveraging this vulnerability will cause the device’s web server to enter a DoS condition.

In a separate advisory, Siemens said its S7-1500 CPUs are also affected by a DoS vulnerability, which can be exploited by sending specially crafted UDP packets to a device.

Siemens has informed customers that many of its products using Profinet-IO (PNIO) stack versions prior to 06.00 are vulnerable to DoS attacks due to “not properly limiting internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.”

In addition, two DoS bugs related to the handling of SNMP messages have been found to impact several Siemens industrial products.

A DoS vulnerability has also been identified in SIPROTEC 4 and SIPROTEC Compact relays if they use EN100 Ethernet communication modules.

SIMATIC CP 1543-1 communication processors are affected by remote code execution and information disclosure vulnerabilities due to their use of the ProFTPD FTP server. The ProFTPD flaws were discovered last year.

Some of the German industrial giant’s SCALANCE X switches are affected by a clickjacking vulnerability, and SCALANCE S-600 devices contain flaws that can be exploited for XSS and DoS attacks.

Flaws have also been found in a component of the SSP Siveillance Access Suite and in the OZW Web Server used for building management. The OZW weakness allows an unauthenticated attacker to gain access to project files.

Siemens has started releasing patches for some of the affected products and it’s working on fixes for the remaining devices. In the meantime, users have been provided workarounds and mitigations.

One advisory published by Siemens this week informs customers that the company is working on BIOS updates that should address flaws caused by the use of Intel chips. The vulnerabilities in question were disclosed by Intel in November 2019.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
