Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Siemens Updates

Warning Date: 15 September, 2021

Severity Level: High

Warning Number: 2021-3525

Target Sector: Energy - Water and Utilities - Manufacturing - Government Facilities - Other

Description:

Siemens has released security updates to address several vulnerabilities in the following products:

  • RUGGEDCOM ROX MX5000
  • RUGGEDCOM ROX RX1400
  • RUGGEDCOM ROX RX1500
  • RUGGEDCOM ROX RX1501
  • RUGGEDCOM ROX RX1510
  • RUGGEDCOM ROX RX1511
  • RUGGEDCOM ROX RX1512
  • RUGGEDCOM ROX RX1524
  • RUGGEDCOM ROX RX1536
  • RUGGEDCOM ROX RX5000
  • NX 1980 Series
  • SIMATIC RF350M
  • SIMATIC RF650M
  • LOGO! CMR2020
  • LOGO! CMR2040
  • SIMATIC RTU 3000 family
  • SINEC NMS
  • SINEMA Remote Connect Server
  • Teamcenter Active Workspace V4.3
  • Teamcenter Active Workspace V5.0
  • Teamcenter Active Workspace V5.1
  • Teamcenter Active Workspace V5.2
  • Cerberus DMS V4.0
  • Cerberus DMS V4.1
  • Cerberus DMS V4.2
  • Cerberus DMS V5.0
  • Desigo CC Compact V4.0
  • Desigo CC Compact V4.1
  • Desigo CC Compact V4.2
  • Desigo CC Compact V5.0
  • Desigo CC V4.0
  • Desigo CC V4.1
  • Desigo CC V4.2
  • Desigo CC V5.0
  • SIPROTEC 5 relays with CPU variants CP050
  • SIPROTEC 5 relays with CPU variants CP100
  • SIPROTEC 5 relays with CPU variants CP200
  • SIPROTEC 5 relays with CPU variants CP300
  • Desigo CC
  • GMA-Manager
  • Operation Scheduler
  • Siveillance Control
  • Siveillance Control Pro
  • SIMATIC CP 1543-1 (incl. SIPLUS variants)
  • SIMATIC CP 1545-1
  • SIMATIC CP 343-1 (incl. SIPLUS variants)
  • SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)
  • SIMATIC CP 343-1 ERPC
  • SIMATIC CP 343-1 Lean (incl. SIPLUS variants)
  • SIMATIC CP 443-1 (incl. SIPLUS variants)
  • SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)
  • SCALANCE X200-4P IRT
  • SCALANCE X201-3P IRT
  • SCALANCE X201-3P IRT PRO
  • SCALANCE X202-2 IRT
  • SCALANCE X202-2P IRT (incl. SIPLUS NET variant)
  • SCALANCE X202-2P IRT PRO
  • SCALANCE X204 IRT
  • SCALANCE X204 IRT PRO
  • SCALANCE X204-2 (incl. SIPLUS NET variant)
  • SCALANCE X204-2FM
  • SCALANCE X204-2LD (incl. SIPLUS NET variant)
  • SCALANCE X204-2LD TS
  • SCALANCE X204-2TS
  • SCALANCE X206-1
  • SCALANCE X206-1LD
  • SCALANCE X208 (incl. SIPLUS NET variant)
  • SCALANCE X208PRO
  • SCALANCE X212-2 (incl. SIPLUS NET variant)
  • SCALANCE X212-2LD
  • SCALANCE X216
  • SCALANCE X224
  • SCALANCE X302-7 EEC
  • SCALANCE X304-2FE
  • SCALANCE X306-1LD FE
  • SCALANCE X307-2 EEC
  • SCALANCE X307-3
  • SCALANCE X307-3LD
  • SCALANCE X308-2 (incl. SIPLUS NET variant)
  • SCALANCE X308-2LD
  • SCALANCE X308-2LH
  • SCALANCE X308-2LH+
  • SCALANCE X308-2M
  • SCALANCE X308-2M PoE
  • SCALANCE X308-2M TS
  • SCALANCE X310
  • SCALANCE X310FE
  • SCALANCE X320-1 FE
  • SCALANCE X320-1-2LD FE
  • SCALANCE X408-2
  • SCALANCE XF201-3P IRT
  • SCALANCE XF202-2P IRT
  • SCALANCE XF204
  • SCALANCE XF204 IRT
  • SCALANCE XF204-2 (incl. SIPLUS NET variant)
  • SCALANCE XF204-2BA IRT
  • SCALANCE XF206-1
  • SCALANCE XF208
  • SCALANCE XR324-4M EEC
  • SCALANCE XR324-4M PoE
  • SCALANCE XR324-4M PoE TS
  • SCALANCE XR324-12M
  • SCALANCE XR324-12M TS
  • Industrial Edge Management
  • SINEMA Server
  • APOGEE MBC (PPC) (P2 Ethernet)
  • APOGEE MEC (PPC) (P2 Ethernet)
  • APOGEE PXC Compact (BACnet)
  • APOGEE PXC Compact (P2 Ethernet)
  • APOGEE PXC Modular (BACnet)
  • APOGEE PXC Modular (P2 Ethernet)
  • TALON TC Compact (BACnet)
  • TALON TC Modular (BACnet)
  • Teamcenter V12.4
  • Teamcenter V13.0
  • Teamcenter V13.1
  • Teamcenter V13.2
  • Simcenter Femap V2020.2
  • Simcenter Femap V2021.1

Threats:

An attacker could exploit these vulnerabilities to achieve the following:

  • Sensitive information disclosure
  • Escalation of privilege
  • Denial of service attack (DoS)
  • Cross-site request forgery (CSRF)

Best Practices and Recommendations:

The CERT team encourages users to review the Siemens security advisory and apply the necessary updates:

Last updated on 15 September, 2021
