Today the DHS ICS-CERT published a control system security advisory describing a denial-of-service vulnerability in Siemens SICAM products. The vulnerability was reported by Adam Crain of Automatak LLC. Siemens has produced a firmware update to mitigate the vulnerability. There is no indication that Adam has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to cause a denial of service. The Siemens Security Advisory reports that the vulnerability exist in the SM-2558 and SM-2556 IEC 60870-5-104 COM Modules used in the SICAM products.
Siemens announced their advisory on TWITTER® last Friday.