Several product lines from Siemens are affected by a serious vulnerability that can be exploited by a remote attacker to cause systems to enter a denial-of-service (DoS) condition.
The flaw, tracked as CVE-2017-12741 and rated “high severity,” was reported to Siemens by George Lashenko of industrial cybersecurity firm CyberX.
According to Siemens, the list of affected products includes SIMATIC S7-200 Smart micro-PLCs for small automation applications, some SIMATIC S7 CPUs, SIMATIC WinAC RTX software controllers, SIMATIC ET 200 PROFINET interface modules, SIMATIC PN/PN couplers, SIMATIC Compact field units, development kits for PROFINET IO, SIMOTION motion control systems, SINAMICS converters, SINUMERIK CNC automation solutions, SIMOCODE motor management systems, and SIRIUS 3RW motor soft starters.
An attacker can cause affected systems to malfunction by sending them specially crafted packets via UDP port 161, which is used for the simple network management protocol (SNMP)....(continued)