The official site for Saudi CERT
Siemens Alert
2759
Warning Date
Severity Level
Warning Number
Target Sector
13 April, 2022
● High
2022-4659
All
Siemens has released security alerts to address several vulnerabilities in the following products:
- Simcenter Femap:
- All versions < V2022.1.2
- Mendix Applications using Mendix 7:
- All versions < V7.23.27
- Mendix Applications using Mendix 8:
- All versions < V8.18.14
- Mendix Applications using Mendix 9:
- All versions < V9.12.0
- Mendix Applications using Mendix 9 (V9.6):
- All versions < V9.6.3
- SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3):
- All versions < V4.1.4
- SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3):
- SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3):
- SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3):
- SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3):
- SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3):
- SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3):
- SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3):
- SCALANCE X304-2FE (6GK5304-2BD00-2AA3):
- SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3):
- SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3):
- SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3):
- SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3):
- SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3):
- SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3):
- SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3):
- SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3):
- SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3):
- SCALANCE X307-3 (6GK5307-3BL00-2AA3):
- SCALANCE X307-3 (6GK5307-3BL10-2AA3):
- SCALANCE X307-3LD (6GK5307-3BM00-2AA3):
- SCALANCE X307-3LD (6GK5307-3BM10-2AA3):
- SCALANCE X308-2 (6GK5308-2FL00-2AA3):
- SCALANCE X308-2 (6GK5308-2FL10-2AA3):
- SCALANCE X308-2LD (6GK5308-2FM00-2AA3):
- SCALANCE X308-2LD (6GK5308-2FM10-2AA3):
- SCALANCE X308-2LH (6GK5308-2FN00-2AA3):
- SCALANCE X308-2LH (6GK5308-2FN10-2AA3):
- SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3):
- SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3):
- SCALANCE X308-2M (6GK5308-2GG00-2AA2):
- SCALANCE X308-2M (6GK5308-2GG10-2AA2):
- SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2):
- SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2):
- SCALANCE X308-2M TS (6GK5308-2GG00-2CA2):
- SCALANCE X308-2M TS (6GK5308-2GG10-2CA2):
- SCALANCE X310 (6GK5310-0FA00-2AA3):
- SCALANCE X310 (6GK5310-0FA10-2AA3):
- SCALANCE X310FE (6GK5310-0BA00-2AA3):
- SCALANCE X310FE (6GK5310-0BA10-2AA3):
- SCALANCE X320-1 FE (6GK5320-1BD00-2AA3):
- SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3):
- SCALANCE X408-2 (6GK5408-2FD00-2AA2):
- SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2):
- SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2):
- SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2):
- SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2):
- SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2):
- SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2):
- SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2):
- SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2):
- SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2):
- SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2):
- SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2):
- SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2):
- SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2):
- SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2):
- SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2):
- SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2):
- SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2):
- SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2):
- SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2):
- SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2):
- SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2):
- SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2):
- SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2):
- SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2):
- SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2):
- SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2):
- SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2):
- SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2):
- SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2):
- SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2):
- SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2):
- SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3):
- SIMATIC PCS neo (Administration Console):
- All versions < V3.1 SP1
- SINETPLAN:
- All versions
- TIA Portal:
- V15, V15.1, V16 and V17
- SIMATIC Energy Manager Basic:
- All versions < V7.3 Update 1
- SIMATIC Energy Manager PRO:
- SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants):
- All versions < V6.0.10
- SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants):
- SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants):
- SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants):
- All versions < V10.1
- SIMATIC CFU DIQ (6ES7655-5PX31-1XX0):
- SIMATIC CFU PA (6ES7655-5PX11-0XX0):
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants):
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants):
- All versions < V2.0.0
- SIMATIC TDC CP51M1:
- SIMATIC TDC CPU555:
- SIMATIC WinAC RTX:
- SIMIT Simulation Platform:
- All versions < V9.11
- SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0):
- All versions < V3.0.0
- SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0):
- SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0):
- SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0):
- SIMATIC STEP 7 (TIA Portal) V15:
- SIMATIC STEP 7 (TIA Portal) V16:
- All versions < V16 Update 5
- SIMATIC STEP 7 (TIA Portal) V17:
- All versions < V17 Update 2
- SICAM A8000 CP-8031 (6MF2803-1AA00)
- All versions < V4.80
- SICAM A8000 CP-8050 (6MF2805-0AA00)
·
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code remotely
- Denial of service attack (DoS)
- Information disclosure
The CERT team encourages users to review Amazon security advisory:
- https://cert-portal.siemens.com/productcert/html/ssa-998762.html
- https://cert-portal.siemens.com/productcert/html/ssa-870917.html
- https://cert-portal.siemens.com/productcert/html/ssa-836527.html
- https://cert-portal.siemens.com/productcert/html/ssa-711829.html
- https://cert-portal.siemens.com/productcert/html/ssa-655554.html
- https://cert-portal.siemens.com/productcert/html/ssa-557541.html
- https://cert-portal.siemens.com/productcert/html/ssa-446448.html
- https://cert-portal.siemens.com/productcert/html/ssa-414513.html
- https://cert-portal.siemens.com/productcert/html/ssa-392912.html
- https://cert-portal.siemens.com/productcert/html/ssa-350757.html
- https://cert-portal.siemens.com/productcert/html/ssa-316850.html
Rate the content
Share the page
