Advisory ICSA-18-245-02

Siemens SINUMERIK Controllers
12/11/2018 10:00 AM EST12/11/2018 10:00 AM EST

This advisory includes mitigation for heap-based buffer overflow, integer overflow or wraparound, protection mechanism failure, permissions, privileges, and access controls, stack-based buffer overflow, uncaught exception vulnerabilities in the Siemens SINUMERIK Controllers software.

•    CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
•    COUNTRIES/AREAS DEPLOYED: Worldwide

  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: Siemens
  • Equipment: SINUMERIK Controllers
  • Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught Exception

REFERENCE URL: https://ics-cert.us-cert.gov/advisories/ICSA-18-345-02