Your review has been sent successfully

Siemens Updates

3761
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

16 January, 2020

● High

2020-803

Energy - Water and Utilities - HealthCare - Manufacturing - Commercial Facilities - Other

Description:

Siemens has released security several updates to address vulnerabilities in the following products:

  • RAPIDPoint® 500
  • EN100 Ethernet module IEC 61850 variant
  • EN100 Ethernet module PROFINET IO varian
  • EN100 Ethernet module Modbus TCP variant
  • EN100 Ethernet module DNP3 variant
  • EN100 Ethernet module IEC104 variant
  • Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP300 and CP100
  • Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200
  • SIPROTEC 5 devices with CPU variants CP300 and CP100
  • SIPROTEC 5 devices with CPU variants CP200
  • SCALANCE X-200RNA switch family
  • SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
  • TIA Portal V14
  • TIA Portal V15
  • TIA Portal V16
  • SINEMA Server
  • SINAMICS PERFECT HARMONY GH180 Drives
  • RFID 181-EIP
  • RUGGEDCOM Win
  • SCALANCE X-200 switch family (incl. SIPLUS NET variants)
  • SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
  • SCALANCE X-200RNA switch family
  • SCALANCE X-300 switch family (incl. SIPLUS NET variants)
  • SCALANCE X408
  • SCALANCE X414
  • SIMATIC RF182C
  • SCALANCE XP/XC/XF-200 switch family (incl. SIPLUS NET variants)
  • SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants)
  • SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
  • SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants)
  • SIMATIC IPC DiagMonitor
  • SIMATIC NET PC Software
  • SIMATIC RF188C
  • SIMATIC RF600R
  • SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
  • SIMATIC S7-1500 Software Controller
  • SIMATIC WinCC OA
  • SIMATIC WinCC Runtime Advanced
  • SINEC-NMS
  • SINEMA Server
  • SINUMERIK OPC UA Server
  • TeleControl Server Basic
  • CP1604
  • CP1616
  • CP343-1 Advanced (incl. SIPLUS NET variants)
  • CP443-1 (incl. SIPLUS NET variants)
  • CP443-1 Advanced (incl. SIPLUS NET variants)
  • CP443-1 OPC UA (incl. SIPLUS NET variants)
  • SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
  • SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
  • SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)
  • SIMATIC IPC DiagMonitor
  • SIMATIC RF181-EIP
  • SIMATIC RF182C
  • SIMATIC RF185C
  • SIMATIC RF186C
  • SIMATIC RF188C
  • SIMATIC RF600R
  • SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
  • SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
  • SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
  • SIMATIC S7-PLCSIM Advanced
  • SIMATIC Teleservice Adapter IE Advanced
  • SIMATIC Teleservice Adapter IE Basic
  • SIMATIC Teleservice Adapter IE Standard
  • SIMATIC WinAC RTX (F) 2010
  • SIMATIC WinCC Runtime Advanced
  • SIMOCODE pro V EIP (incl. SIPLUS variants)
  • SIMOCODE pro V PN (incl. SIPLUS variants)
  • SINAMICS G130 V4.6 Control Unit
  • SINAMICS G130 V4.7 Control Unit
  • SINAMICS G130 V4.7 SP1 Control Unit
  • SINAMICS G130 V5.1 Control Unit
  • SINAMICS G130 V5.1 SP1 Control Unit
  • SINAMICS G150 V4.6 Control Unit
  • SINAMICS G150 V4.7 Control Unit
  • SINAMICS G150 V4.7 SP1 Control Unit
  • SINAMICS G150 V4.8 Control Unit
  • SINAMICS G150 V5.1 Control Unit
  • SINAMICS G150 V5.1 SP1 Control Unit
  • SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S150 V4.6 Control Unit
  • SINAMICS S150 V4.7 Control Unit
  • SINAMICS S150 V4.7 SP1 Control Unit
  • SINAMICS S150 V4.8 Control Unit
  • SINAMICS S150 V5.1 Control Unit
  • SINAMICS S150 V5.1 SP1 Control Unit
  • SINAMICS S210 V5.1 Control Unit
  • SINAMICS S210 V5.1 SP1 Control Unit
  • SITOP Manager
  • SITOP PSU8600
  • SITOP UPS1600 (incl. SIPLUS variants)
  • TIM 1531 IRC (incl. SIPLUS variants)
  • SCALANCE X-414-3E
  • Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
  • Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
  • Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
  • SIMATIC CFU PA
  • SIMATIC ET200AL (incl. SIPLUS variants)
  • SIMATIC ET200M (incl. SIPLUS variants)
  • SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
  • SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
  • SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
  • SIMATIC ET200S (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
  • SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
  • SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
  • SIMATIC ET200pro (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
  • SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants)
  • SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
  • SIMATIC PROFINET Driver
  • SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
  • SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
  • SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
  • SINAMICS DCM
  • SINAMICS DCP
  • SINAMICS G110M V4.7 PN Control Unit
  • SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
  • SINAMICS G150 Control Unit
  • SINAMICS GH150 V4.7 Control Unit
  • SINAMICS GL150 V4.7 Control Unit
  • SINAMICS GM150 V4.7 Control Unit
  • SINAMICS S110 Control Unit
  • SINAMICS S150 Control Unit
  • SINAMICS SL150 V4.7 Control Unit
  • SINAMICS SM120 V4.7 Control Unit
  • SINUMERIK
  • SINUMERIK 840D sl
  • SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
  • SIMOTION (incl. SIPLUS variants)
  • SINAMICS G110M V4.7 Control Unit
  • SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
  • SINUMERIK 828D

Threats:

A remote attacker could exploit these vulnerabilities by doing the following:

  • Denial of service attack (DoS)
  • Cross-site scripting (XSS)
  • Execute arbitrary code
  • Buffer overflow
  • Escalation of privilege

Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:

Last updated at 16 January, 2020

Rate the content

rate-icon
up icon