Siemens SIMATIC S7-300 Firmware security update

Number: AV16-095
Date: 11 June 2016

Purpose

The purpose of this advisory is to bring attention to a SIMATIC S7-300 security update released by Siemens.

Assessment

Siemens released a security update for the SIMATIC S7-300 to address a critical vulnerability. An attacker could remotely exploit this vulnerability to cause denial-of-service conditions.

Affected versions:
Siemens SIMATIC S7-300 with Profinet support prior to version 3.2.12
Siemens SIMATIC S7-300 without Profinet support prior to version 3.3.12

CVE References: CVE-2016-3949

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

Siemens Advisory SSA-818183:
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf
