Siemens SIMATIC S7-1500 Denial of Service Vulnerability (CVE-2014-5074)
Release date:
Updated on:
Affected Systems:
Siemens SIMATIC S7-1500 <1.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69241
CVE (CAN) ID: CVE-2014-5074
Siemens SIMATIC S7-1500 is a modular controller series product.
A denial of service vulnerability exists in versions earlier than Siemens SIMATIC S7-1500 1.6 when processing specially crafted TCP packets sent in a specific order, and the CPU will automatically restart and stay in STOP mode, you need to manually enter the RUN mode.
<* Source: Arnaud EBALARD
Link: https://ics-cert.us-cert.gov/advisories/ICSA-14-226-01
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.automation.siemens.com/WW/view/en/98164677
This article permanently updates the link address: