Security News > 2020 > February > Siemens Patches Serious DoS Vulnerabilities in Several Products
Siemens' Patch Tuesday updates for February 2020 address serious denial-of-service vulnerabilities in several of the company's products.
Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled.
In a separate advisory, Siemens said its S7-1500 CPUs are also affected by a DoS vulnerability, which can be exploited by sending specially crafted UDP packets to a device.
Siemens has informed customers that many of its products using Profinet-IO stack versions prior to 06.00 are vulnerable to DoS attacks due to "Not properly limiting internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface."
Two DoS bugs related to the handling of SNMP messages have been found to impact several Siemens industrial products.