Security News > 2020 > February > Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks
A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks.
The company's researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well.
Siemens published an advisory only this week, but the vulnerability impacts a much higher number of products compared to Moxa, including SINAMICS converters, SCALANCE switches and routers, and many SIMATIC devices.
Siemens has also advised other vendors of Profinet devices to check if their products have incorporated a vulnerable version of the Siemens PROFINET-IO stack as part of the Siemens Development/Evaluation Kits.
"The vulnerability we exposed can be easily exploited. Coupled with the high-sensitivity of the services running over Siemens devices, it arms the flaw with a huge potential for damage," said Yuval Ardon, security researcher at OTORIO. "It is a remote, routable and unauthenticated vulnerability that uses legitimate functionality of the protocol. This complicates mitigation, because blocking Profinet communication can cause a disruption in the operational process of machinery, signaling networks and connected devices."
News URL
Related news
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Attack Surface Management vs. Vulnerability Management (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)
- New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (source)