Siemens Updates
Warning Date: 15 September, 2021
Severity Level: High
Warning Number: 2021-3525
Target Sector: Energy - Water and Utilities - Manufacturing - Government Facilities - Other
Description:
Siemens has released security updates to address several vulnerabilities in the following products:
- RUGGEDCOM ROX MX5000
- RUGGEDCOM ROX RX1400
- RUGGEDCOM ROX RX1500
- RUGGEDCOM ROX RX1501
- RUGGEDCOM ROX RX1510
- RUGGEDCOM ROX RX1511
- RUGGEDCOM ROX RX1512
- RUGGEDCOM ROX RX1524
- RUGGEDCOM ROX RX1536
- RUGGEDCOM ROX RX5000
- NX 1980 Series
- SIMATIC RF350M
- SIMATIC RF650M
- LOGO! CMR2020
- LOGO! CMR2040
- SIMATIC RTU 3000 family
- SINEC NMS
- SINEMA Remote Connect Server
- Teamcenter Active Workspace V4.3
- Teamcenter Active Workspace V5.0
- Teamcenter Active Workspace V5.1
- Teamcenter Active Workspace V5.2
- Cerberus DMS V4.0
- Cerberus DMS V4.1
- Cerberus DMS V4.2
- Cerberus DMS V5.0
- Desigo CC Compact V4.0
- Desigo CC Compact V4.1
- Desigo CC Compact V4.2
- Desigo CC Compact V5.0
- Desigo CC V4.0
- Desigo CC V4.1
- Desigo CC V4.2
- Desigo CC V5.0
- SIPROTEC 5 relays with CPU variants CP050
- SIPROTEC 5 relays with CPU variants CP100
- SIPROTEC 5 relays with CPU variants CP200
- SIPROTEC 5 relays with CPU variants CP300
- Desigo CC
- GMA-Manager
- Operation Scheduler
- Siveillance Control
- Siveillance Control Pro
- SIMATIC CP 1543-1 (incl. SIPLUS variants)
- SIMATIC CP 1545-1
- SIMATIC CP 343-1 (incl. SIPLUS variants)
- SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)
- SIMATIC CP 343-1 ERPC
- SIMATIC CP 343-1 Lean (incl. SIPLUS variants)
- SIMATIC CP 443-1 (incl. SIPLUS variants)
- SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)
- SCALANCE X200-4P IRT
- SCALANCE X201-3P IRT
- SCALANCE X201-3P IRT PRO
- SCALANCE X202-2 IRT
- SCALANCE X202-2P IRT (incl. SIPLUS NET variant)
- SCALANCE X202-2P IRT PRO
- SCALANCE X204 IRT
- SCALANCE X204 IRT PRO
- SCALANCE X204-2 (incl. SIPLUS NET variant)
- SCALANCE X204-2FM
- SCALANCE X204-2LD (incl. SIPLUS NET variant)
- SCALANCE X204-2LD TS
- SCALANCE X204-2TS
- SCALANCE X206-1
- SCALANCE X206-1LD
- SCALANCE X208 (incl. SIPLUS NET variant)
- SCALANCE X208PRO
- SCALANCE X212-2 (incl. SIPLUS NET variant)
- SCALANCE X212-2LD
- SCALANCE X216
- SCALANCE X224
- SCALANCE X302-7 EEC
- SCALANCE X304-2FE
- SCALANCE X306-1LD FE
- SCALANCE X307-2 EEC
- SCALANCE X307-3
- SCALANCE X307-3LD
- SCALANCE X308-2 (incl. SIPLUS NET variant)
- SCALANCE X308-2LD
- SCALANCE X308-2LH
- SCALANCE X308-2LH+
- SCALANCE X308-2M
- SCALANCE X308-2M PoE
- SCALANCE X308-2M TS
- SCALANCE X310
- SCALANCE X310FE
- SCALANCE X320-1 FE
- SCALANCE X320-1-2LD FE
- SCALANCE X408-2
- SCALANCE XF201-3P IRT
- SCALANCE XF202-2P IRT
- SCALANCE XF204
- SCALANCE XF204 IRT
- SCALANCE XF204-2 (incl. SIPLUS NET variant)
- SCALANCE XF204-2BA IRT
- SCALANCE XF206-1
- SCALANCE XF208
- SCALANCE XR324-4M EEC
- SCALANCE XR324-4M PoE
- SCALANCE XR324-4M PoE TS
- SCALANCE XR324-12M
- SCALANCE XR324-12M TS
- Industrial Edge Management
- SINEMA Server
- APOGEE MBC (PPC) (P2 Ethernet)
- APOGEE MEC (PPC) (P2 Ethernet)
- APOGEE PXC Compact (BACnet)
- APOGEE PXC Compact (P2 Ethernet)
- APOGEE PXC Modular (BACnet)
- APOGEE PXC Modular (P2 Ethernet)
- TALON TC Compact (BACnet)
- TALON TC Modular (BACnet)
- Teamcenter V12.4
- Teamcenter V13.0
- Teamcenter V13.1
- Teamcenter V13.2
- Simcenter Femap V2020.2
- Simcenter Femap V2021.1
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Sensitive information disclosure
- Escalation of privilege
- Denial of service attack (DoS)
- Cross-site request forgery (CSRF)
Best practice and Recommendations:
The CERT team encourages users to review the Siemens security advisories and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-941426.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-913875.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-772220.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-729965.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-675303.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-661034.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-641963.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-622535.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-599968.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-560465.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-483182.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-448291.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-434536.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-434535.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-373591.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-352521.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-209268.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-173615.txt