<p>Multiple Industrial products are affected by a vulnerability in the
Interniche IP-Stack. The affected products do not properly enforce TCP
sequence number validation in specific scenarios but accept values
within a broad range. This could allow an unauthenticated remote
attacker e.g. to interfere with connection setup, potentially leading to
a denial of service. The attack succeeds only if an attacker can inject
IP packets with spoofed addresses at precisely timed moments, and it
affects only TCP-based services.</p>
<p>Siemens has released new versions for several affected products and
recommends to update to the latest versions. Siemens is preparing
further fix versions and recommends specific countermeasures for
products where fixes are not, or not yet available.</p>
Source link
