CISA has published an advisory on improper access control and loop with unreachable exit condition vulnerabilities in Siemens SIMATIC CP-1543-1. All versions starting at 2.0 and prior to 2.2. are affected. Successful exploitation of these vulnerabilities could allow remote attackers to conduct a denial-of-service attack by sending specially crafted packets to Port 161/UDP (SNMP). The latest update for SIMATIC CP 1543-1 contains fixes for the vulnerabilities within its embedded ProFTPD FPT server. Siemens recommends updating SIMATIC CP 1543-1 modules to Version 2.2. Additionally, Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!