You are here

OT Vulnerability Management – Siemens Releases Multiple Advisories for NAME:WRECK Vulnerability

OT Vulnerability Management – Siemens Releases Multiple Advisories for NAME:WRECK Vulnerability

Created: Thursday, April 15, 2021 - 14:22
Categories:
Cybersecurity

On Tuesday, Siemens released five advisories related to vulnerabilities in its products used in industrial environments regarding the NAME:WRECK vulnerability disclosed by Forescout that same day. According to Forescout, NAME:WRECK refers to how the parsing of domain names can break – “wreck” – DNS implementations in TCP/IP stacks, leading to denial of service or remote code execution. To reduce the risk posed by NAME:WRECK, Siemens currently recommends to avoid using DNS client of affected versions as a workaround and to contact customer support for additional mitigation advice. For more visit Security Week and the ICS-CERT Advisory at CISA.