Number: AV16-095
Date: 11 June 2016
Purpose
The purpose of this advisory is to bring attention to a SIMATIC S7-300 security update released by Siemens.
Assessment
Siemens released a security update for the SIMATIC S7-300 to address a critical vulnerability. An attacker could remotely exploit this vulnerability to cause denial-of-service conditions.
Affected versions:
Siemens SIMATIC S7-300 with Profinet support prior to version 3.2.12
Siemens SIMATIC S7-300 without Profinet support prior to version 3.3.12
CVE References: CVE-2016-3949
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
Siemens Advisory SSA-818183:
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf