Resource exhaustion in Siemens Other software

#VU29945 Resource exhaustion in Siemens Other software

Published: 2020-07-15

Vulnerability identifier: #VU29945

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7587

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Opcenter Execution Discrete: All versions

Opcenter Execution Foundation: All versions

Opcenter Execution Process: All versions

Opcenter Intelligence: All versions

Opcenter Quality: All versions

Opcenter RD&L: 8.0

SIMATIC IT LMS: All versions

SIMATIC IT Production Suite: All versions

SIMATIC Notifier Server for Windows: All versions

SIMATIC PCS neo: All versions

SIMATIC STEP 7 (TIA Portal): 15.0 - 16.0

SIMOCODE ES: All versions

Soft Starter ES: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens UMC Stack