July 14, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

March 11, 2020

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet. All versions prior to 3.X.17 are affected. Successful exploitation of this vulnerability could cause the affected device to go into defect mode resulting in a denial-of-service condition. Siemens recommends users of SIMATIC S7-300 CPU family update to version 3.X.17. It also recommends specific workarounds and mitigations users can apply. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.