Siemens Updates
Warning date: 16 January 2020
Severity level: ● High
Warning number: 2020-803
Target sector: Energy - Water and public utilities - Health - Industry - Commercial facilities - Other
Description:
Siemens has released updates to address several vulnerabilities in the following products:
- RAPIDPoint® 500
- EN100 Ethernet module IEC 61850 variant
- EN100 Ethernet module PROFINET IO variant
- EN100 Ethernet module Modbus TCP variant
- EN100 Ethernet module DNP3 variant
- EN100 Ethernet module IEC104 variant
- Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP300 and CP100
- Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200
- SIPROTEC 5 devices with CPU variants CP300 and CP100
- SIPROTEC 5 devices with CPU variants CP200
- SCALANCE X-200RNA switch family
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
- TIA Portal V14
- TIA Portal V15
- TIA Portal V16
- SINEMA Server
- SINAMICS PERFECT HARMONY GH180 Drives
- RFID 181-EIP
- RUGGEDCOM Win
- SCALANCE X-200 switch family (incl. SIPLUS NET variants)
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
- SCALANCE X-200RNA switch family
- SCALANCE X-300 switch family (incl. SIPLUS NET variants)
- SCALANCE X408
- SCALANCE X414
- SIMATIC RF182C
- SCALANCE XP/XC/XF-200 switch family (incl. SIPLUS NET variants)
- SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants)
- SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)
- SIMATIC IPC DiagMonitor
- SIMATIC NET PC Software
- SIMATIC RF188C
- SIMATIC RF600R
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-1500 Software Controller
- SIMATIC WinCC OA
- SIMATIC WinCC Runtime Advanced
- SINEC-NMS
- SINEMA Server
- SINUMERIK OPC UA Server
- TeleControl Server Basic
- CP1604
- CP1616
- CP343-1 Advanced (incl. SIPLUS NET variants)
- CP443-1 (incl. SIPLUS NET variants)
- CP443-1 Advanced (incl. SIPLUS NET variants)
- CP443-1 OPC UA (incl. SIPLUS NET variants)
- SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)
- SIMATIC IPC DiagMonitor
- SIMATIC RF181-EIP
- SIMATIC RF182C
- SIMATIC RF185C
- SIMATIC RF186C
- SIMATIC RF188C
- SIMATIC RF600R
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
- SIMATIC S7-PLCSIM Advanced
- SIMATIC Teleservice Adapter IE Advanced
- SIMATIC Teleservice Adapter IE Basic
- SIMATIC Teleservice Adapter IE Standard
- SIMATIC WinAC RTX (F) 2010
- SIMATIC WinCC Runtime Advanced
- SIMOCODE pro V EIP (incl. SIPLUS variants)
- SIMOCODE pro V PN (incl. SIPLUS variants)
- SINAMICS G130 V4.6 Control Unit
- SINAMICS G130 V4.7 Control Unit
- SINAMICS G130 V4.7 SP1 Control Unit
- SINAMICS G130 V5.1 Control Unit
- SINAMICS G130 V5.1 SP1 Control Unit
- SINAMICS G150 V4.6 Control Unit
- SINAMICS G150 V4.7 Control Unit
- SINAMICS G150 V4.7 SP1 Control Unit
- SINAMICS G150 V4.8 Control Unit
- SINAMICS G150 V5.1 Control Unit
- SINAMICS G150 V5.1 SP1 Control Unit
- SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S150 V4.6 Control Unit
- SINAMICS S150 V4.7 Control Unit
- SINAMICS S150 V4.7 SP1 Control Unit
- SINAMICS S150 V4.8 Control Unit
- SINAMICS S150 V5.1 Control Unit
- SINAMICS S150 V5.1 SP1 Control Unit
- SINAMICS S210 V5.1 Control Unit
- SINAMICS S210 V5.1 SP1 Control Unit
- SITOP Manager
- SITOP PSU8600
- SITOP UPS1600 (incl. SIPLUS variants)
- TIM 1531 IRC (incl. SIPLUS variants)
- SCALANCE X-414-3E
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
- SIMATIC CFU PA
- SIMATIC ET200AL (incl. SIPLUS variants)
- SIMATIC ET200M (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
- SIMATIC ET200S (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
- SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
- SIMATIC ET200pro (incl. SIPLUS variants)
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants)
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
- SIMATIC PROFINET Driver
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
- SINAMICS DCM
- SINAMICS DCP
- SINAMICS G110M V4.7 PN Control Unit
- SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
- SINAMICS G150 Control Unit
- SINAMICS GH150 V4.7 Control Unit
- SINAMICS GL150 V4.7 Control Unit
- SINAMICS GM150 V4.7 Control Unit
- SINAMICS S110 Control Unit
- SINAMICS S150 Control Unit
- SINAMICS SL150 V4.7 Control Unit
- SINAMICS SM120 V4.7 Control Unit
- SINUMERIK
- SINUMERIK 840D sl
- SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
- SIMOTION (incl. SIPLUS variants)
- SINAMICS G110M V4.7 Control Unit
- SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
- SINUMERIK 828D
Threats:
A remote attacker can exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Cross-site scripting (XSS) attack
- Execution of malicious software
- Buffer overflow
- Privilege escalation to increase their ability to modify the system
Preventive measures:
The Center recommends updating the affected product versions. Siemens has published details of these updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-418979.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-632562.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-629512.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-443566.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-880233.txt
- https://cert-portal.siemens.com/productcert/txt/ssb-382508.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-242353.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-480829.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-557804.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-646841.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-473245.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-349422.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-878278.txt