Upgrade hardware to successor product from SCALANCE SC-600 family
4.2.2 NULL POINTER DEREFERENCE CWE-476Ī NULL pointer exception bug within the SNMP handling code allows authenticated attacker to remotely cause a denial-of-service condition via a crafted packet sent on Port 161/UDP (SNMP).ĬVE-2018-18065 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
TIM 1531 IRC (including SIPLUS NET variants): All versionsĤ.2 VULNERABILITY OVERVIEW 4.2.1 DATA PROCESSING ERRORS CWE-19Īn error in the message handling of SNMP messages allows remote attackers to cause a denial-of-service condition and execute arbitrary code via a crafted packet sent on Port 161/UDP (SNMP).ĬVE-2015-5621 has been assigned to this vulnerability.SCALANCE S627-2M: All versions prior to v4.1.SCALANCE S623: All versions prior to v4.1.SCALANCE S612: All versions prior to v4.1.SCALANCE S602: All versions prior to v4.1.IE/PB LINK PN IO (including SIPLUS NET variants): All versions prior to v4.0.1.The following Siemens products are affected: Successful exploitation of these vulnerabilities could allow remote attackers to conduct a denial-of-service attack by sending specially crafted packets to Port 161/UDP (SNMP). This updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update C) that was published February 9, 2021, to the ICS webpage on. Vulnerabilities: Data Processing Errors, NULL Pointer Dereference.Equipment: Various SCALANCE, SIMATIC, SIPLUS products.ATTENTION: Exploitable remotely/low attack complexity.