CVE-2021-25667

Siemens · RUGGEDCOM and SCALANCE series

A stack-based buffer overflow in STP BPDU frame handling in Siemens industrial networking devices may allow remote code execution or denial-of-service.

Executive summary

Multiple Siemens industrial networking devices are vulnerable to a critical stack-based buffer overflow that could allow remote attackers to execute arbitrary code or crash the system.

Vulnerability

This is a stack-based buffer overflow vulnerability triggered during the processing of Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames. The vulnerability is exploitable by a remote, unauthenticated attacker, provided the device's passive listening feature is enabled.

Business impact

With a CVSS score of 8.8, this vulnerability poses a severe risk to operational technology (OT) environments. Successful exploitation could lead to full system compromise or prolonged denial-of-service, potentially disrupting critical industrial processes and resulting in significant operational downtime.

Remediation

Immediate Action: Update affected devices to the manufacturer-recommended firmware versions, specifically SCALANCE SC-600 to v2.1.3 or later and RUGGEDCOM RM1224 to v6.4 or later.

Proactive Monitoring: Monitor network traffic for malformed STP BPDU packets and inspect system logs for unexpected reboots or service instability.

Compensating Controls: Where the passive listening feature is not strictly required for operations, disable it on affected devices; this removes the primary attack vector until the firmware can be updated.
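Added example, not from the Siemens advisory: a structural sanity checker for STP BPDU payloads of the kind a passive monitoring hook could run over captured frames, flagging truncated frames, out-of-range 802.1D timers and MST length fields that claim more bytes than are present. The sample BPDU is constructed; the checks are generic 802.1D/802.1w/802.1s consistency rules, not a signature for the specific malformed frame behind this CVE, which the advisory does not describe.

```python
import struct

# 802.1D/802.1w/802.1s BPDU type codes; the payload is what follows the 0x42 0x42 0x03 LLC header
BPDU_CONFIG, BPDU_TCN, BPDU_RST = 0x00, 0x80, 0x02
CONFIG_LEN, RST_LEN, MST_HDR_LEN = 35, 36, 38  # minimum bytes for each BPDU shape

# Constructed sample: a well-formed configuration BPDU (priority 0x8000, MAC 00:11:22:33:44:55,
# max age 20 s, hello 2 s, forward delay 15 s; timers are encoded in 1/256 s units)
SAMPLE_CONFIG_BPDU = struct.pack("!HBBB8sI8sHHHHH", 0, 0, BPDU_CONFIG, 0,
    bytes.fromhex("8000001122334455"), 0, bytes.fromhex("8000001122334455"),
    0x8001, 0, 20 * 256, 2 * 256, 15 * 256)

def check_bpdu(payload: bytes) -> list:
    """Return the structural problems found in an STP BPDU payload (empty list = sane).
    Generic sanity checks for a monitoring hook, not a signature for CVE-2021-25667's frame."""
    issues = []
    if len(payload) < 4:
        return ["shorter than the 4-byte BPDU header"]
    proto_id, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if proto_id != 0:
        issues.append(f"protocol id 0x{proto_id:04x} is not 0x0000")
    if bpdu_type == BPDU_TCN:
        return issues  # a topology-change BPDU carries no further fields
    if bpdu_type not in (BPDU_CONFIG, BPDU_RST):
        return issues + [f"unknown BPDU type 0x{bpdu_type:02x}"]
    need = CONFIG_LEN if bpdu_type == BPDU_CONFIG else RST_LEN
    if len(payload) < need:  # trailing bytes are normal (Ethernet padding); missing bytes are not
        return issues + [f"truncated: {len(payload)} bytes present, {need} required"]
    # flags(1) root id(8) path cost(4) bridge id(8) port id(2), then the four timers at 27..35
    msg_age, max_age, hello, fwd_delay = (v / 256 for v in struct.unpack("!HHHH", payload[27:35]))
    if not 6.0 <= max_age <= 40.0:
        issues.append(f"max age {max_age}s outside 802.1D range 6-40s")
    if not 1.0 <= hello <= 10.0:
        issues.append(f"hello time {hello}s outside 802.1D range 1-10s")
    if not 4.0 <= fwd_delay <= 30.0:
        issues.append(f"forward delay {fwd_delay}s outside 802.1D range 4-30s")
    if msg_age >= max_age:
        issues.append(f"message age {msg_age}s not below max age {max_age}s")
    if bpdu_type == BPDU_RST:
        if version < 2 or payload[35] != 0:
            issues.append("RST BPDU with pre-RSTP version or non-zero version 1 length")
        if version >= 3:  # MSTP: the declared version 3 length must fit the bytes actually present
            if len(payload) < MST_HDR_LEN:
                return issues + ["MST BPDU lacks the version 3 length field"]
            v3_len = struct.unpack("!H", payload[36:38])[0]
            if v3_len > len(payload) - MST_HDR_LEN:
                issues.append(f"version 3 length {v3_len} exceeds {len(payload) - MST_HDR_LEN} bytes present")
    return issues
```

Feed it the bytes after the LLC header of each captured BPDU and alert on any non-empty result; a burst of such frames on an access port, followed by a reboot, is the pattern the monitoring step above is meant to catch.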

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the critical nature of these industrial devices, organizations should prioritize firmware updates during the next maintenance window. Apply the recommended patches immediately to mitigate the risk of unauthorized code execution within your OT infrastructure.