Siemens Patches Flaws in SIMATIC Controllers, Mobile Apps

By Eduard Kovacs

German industrial giant Siemens has released security patches for several of its SIMATIC products, including some controllers and a mobile application.

Organizations using SIMATIC products were informed by both Siemens and ICS-CERT this week of a denial-of-service (DoS) vulnerability that can be exploited by sending specially crafted PROFINET DCP packets to affected systems.

The flaw, tracked as CVE-2018-4843 and classified as medium severity, can be exploited by an attacker who has access to the network housing the targeted device. While DoS vulnerabilities are generally seen as less severe compared to code execution …read more

Via:: Security Week