Security News > 2020 > February > Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks

Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks
2020-02-13 18:32

A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks.

The company's researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well.

Siemens published an advisory only this week, but the vulnerability impacts a much higher number of products compared to Moxa, including SINAMICS converters, SCALANCE switches and routers, and many SIMATIC devices.

Siemens has also advised other vendors of Profinet devices to check if their products have incorporated a vulnerable version of the Siemens PROFINET-IO stack as part of the Siemens Development/Evaluation Kits.

"The vulnerability we exposed can be easily exploited. Coupled with the high-sensitivity of the services running over Siemens devices, it arms the flaw with a huge potential for damage," said Yuval Ardon, security researcher at OTORIO. "It is a remote, routable and unauthenticated vulnerability that uses legitimate functionality of the protocol. This complicates mitigation, because blocking Profinet communication can cause a disruption in the operational process of machinery, signaling networks and connected devices."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/rNHS3cOGjas/profinet-vulnerability-exposes-siemens-moxa-devices-dos-attacks

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Siemens 1779 26 427 871 201 1525
Moxa 451 2 53 152 67 274