all InfoSec news
SSA-541018 V1.4 (Last Update: 2022-02-08): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Siemens ProductCERT Security Advisories cert-portal.siemens.com
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.
This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in Siemens Security Advisory SSA-541017.
advisory cve devices embedded embedded devices impact ip stack pac products researchers security security researchers siemens ssa stack stacks tcp update updates vulnerabilities