Security News > 2020 > April > Siemens Industrial Devices Affected by 'SegmentSmack' Linux Kernel Flaw

Siemens Industrial Devices Affected by 'SegmentSmack' Linux Kernel Flaw
2020-04-14 13:36

Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company's industrial products.

Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service attacks by sending specially crafted packets to the targeted system.

In one advisory, Siemens revealed that SegmentSmack and FragmentSmack impact some of its IE/PB-Link devices, RUGGEDCOM routers, ROX-based VPN endpoints and firewalls, SCALANCE routers and firewalls, SIMATIC communication processors, and SINEMA Remote Connect.

Siemens has released firmware updates for some of the affected devices to address the vulnerabilities, and says it's working on patches for the remaining impacted products.

The industrial giant informed customers this week about a high-severity DHCP client flaw affecting its SIMOTICS, Desigo, APOGEE and TALON products; a critical vulnerability in TIM communication modules that can be exploited to gain full control of devices; and two persistent XSS flaws impacting Climatix POL908 and POL909 modules.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/6PM-Hv0E6Js/siemens-industrial-devices-affected-segmentsmack-linux-kernel-flaw

Related vendor