Siemens RUGGEDCOM ROX II (ICSA-19-099-05) – Products Used in the Energy Sector

Created: Tuesday, April 9, 2019 - 17:20
Categories: Cybersecurity

The NCCIC has published an advisory on double free, out-of-bounds read, and uncontrolled resource consumption vulnerabilities in Siemens RUGGEDCOM ROX II. All versions prior to 2.13.0 are affected. Successful exploitation of these vulnerabilities could result in remote code execution and/or a denial-of-service condition. Siemens has provided firmware update v2.13.0 to fix these vulnerabilities and also recommends users apply specific workarounds and mitigations to reduce risk. The NCCIC has also provided a series of measures for mitigating the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.