The official site for Saudi CERT
Your review has been sent successfully
Siemens Updates
1783
Warning Date
Severity Level
Warning Number
Target Sector
14 July, 2021
● High
2021-3190
All
Description:
Siemens has released security updates to address several vulnerabilities in the following products:
- SCALANCE S602
- SCALANCE S612
- SCALANCE S623
- SCALANCE S627-2M
- SCALANCE X-200 switch family (incl. SIPLUS NET variants)
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
- SIMATIC NET CP 443-1 (incl. SIPLUS variants)
- SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants)
- SIMATIC RF180C
- SIMATIC RF182C
- SIMATIC NET CP 343-1 Std (incl. SIPLUS variants)
- SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)
- SIMATIC NET CP 343-1 Adv (incl. SIPLUS variants)
- SIMATIC NET CP 443-1 Std (incl. SIPLUS variants)
- SIMATIC NET CP 443-1 Adv (incl. SIPLUS variants)
- SIMATIC NET CP 443-1 OPC-UA
- SIMATIC NET CP 1243-1 (incl. SIPLUS variants)
- SIMATIC NET CP 1243-1 IRC (incl. SIPLUS variants)
- SIMATIC NET CP 1243-1 IEC (incl. SIPLUS variants)
- SIMATIC NET CP 1243-1 DNP3 (incl. SIPLUS variants)
- SIMATIC NET CM 1542-1
- SIMATIC NET CM 1542SP-1
- SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants)
- SIMATIC NET CP 1543SP-1 (incl. SIPLUS variants)
- SIMATIC NET CP 1543-1 (incl. SIPLUS variants)
- SIMATIC RF650R
- SIMATIC RF680R
- SIMATIC RF685R
- SIMATIC NET CP 1616
- SIMATIC NET CP 1604
- SIMATIC DK-16xx PN IO
- SCALANCE X-300 switch family (incl. SIPLUS NET variants)
- SCALANCE X408
- SCALANCE X414
- SCALANCE XM400
- SCALANCE XR500
- SCALANCE W700
- SCALANCE M-800 / S615
- Softnet PROFINET IO for PC-based Windows systems
- IE/PB-Link (incl. SIPLUS NET variants)
- IE/AS-i Link PN IO
- SIMATIC Teleservice Adapter IE Basic
- SIMATIC Teleservice Adapter IE Standard
- SIMATIC Teleservice Adapter IE Advanced
- SITOP PSU8600 PROFINET
- SITOP UPS1600 PROFINET (incl. SIPLUS variants)
- SIMATIC ET200AL
- SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0,
- SIMATIC ET200M (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200pro
- SIMATIC ET200S (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP (incl. SIPLUS variants, except IM155-6 PN ST and IM155-6
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
- Development/Evaluation Kit DK Standard Ethernet Controller
- Development/Evaluation Kit EK-ERTEC 200P
- Development/Evaluation Kit EK-ERTEC 200
- SIMATIC S7-200 SMART
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 CPU family (incl. SIPLUS variants)
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-1500 Software Controller (incl. F)
- SIMATIC WinAC RTX (F) 2010
- SIRIUS ACT 3SU1 interface module PROFINET
- SIRIUS Soft Starter 3RW44 PN
- SIRIUS Motor Starter M200D PROFINET
- SIMOCODE pro V PN (incl. SIPLUS variants)
- SINAMICS DCM w. PN
- SINAMICS DCP w. PN
- SINAMICS G110M w. PN
- SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)
- SINAMICS G130 V4.7 w. PN
- SINAMICS G150 V4.7 w. PN
- SINAMICS G130 V4.8 w. PN
- SINAMICS G150 V4.8 w. PN
- SINAMICS S110 w. PN
- SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)
- SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)
- SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)
- SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)
- SINAMICS S150 V4.7 w. PN
- SINAMICS S150 V4.8 w. PN
- SINAMICS V90 w. PN
- SIMOTION (incl. SIPLUS variants)
- SINUMERIK 828D V4.5 and prior
- SINUMERIK 828D V4.7
- SINUMERIK 840D sl V4.5 and prior
- SINUMERIK 840D sl V4.7
- SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels
- SIMATIC TDC CPU555
- SIMATIC TDC CP51M1
- SIMATIC Automation Tool
- SIMATIC NET PC software
- SIMATIC PCS neo
- SIMATIC ProSave
- SIMATIC S7-1500 Software Controller
- SIMATIC STEP 7
- SIMATIC STEP 7 (TIA Portal) V13
- SIMATIC STEP 7 (TIA Portal) V14
- SIMATIC STEP 7 (TIA Portal) V15
- SIMATIC STEP 7 (TIA Portal) V16
- SIMATIC WinCC OA V3.16
- SIMATIC WinCC OA V3.17
- SIMATIC WinCC Runtime Advanced
- SIMATIC WinCC Runtime Professional V13
- SIMATIC WinCC Runtime Professional V14
- SIMATIC WinCC Runtime Professional V15
- SIMATIC WinCC Runtime Professional V16
- SIMATIC WinCC V7.4
- SIMATIC WinCC V7.5
- SINAMICS STARTER commissioning tool
- SINAMICS Startdrive
- SINEC NMS
- SINEMA Server
- SINUMERIK ONE virtual
- SINUMERIK Operate
- SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)
- SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)
- SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
- SIMOTION D (incl. SIPLUS variants)
- SIMOTION C
- SIMOTION P V4.4 and V4.5
- SIMOTION P V5
- SINUMERIK 840D sl
- SIMATIC Compact Field Unit
- SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
- SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
- SINAMICS DCM
- SINAMICS DCP
- SINAMICS G110M V4.7 Control Unit
- SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)
- SINAMICS G130 V4.7 Control Unit
- SINAMICS G150 Control Unit
- SINAMICS GH150 V4.7 Control Unit
- SINAMICS GL150 V4.7 Control Unit
- SINAMICS GM150 V4.7 Control Unit
- SINAMICS S110 Control Unit
- SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
- SINAMICS S150 Control Unit
- SINAMICS SL150 V4.7 Control Unit
- SINAMICS SM120 V4.7 Control Unit
- SINUMERIK 828D
- SICAM WEB firmware for SICAM A8000 RTUs
- Automation License Manager 5
- Automation License Manager 6
- CloudConnect 712
- ROX II
- RUGGEDCOM APE1404 Linux
- RUGGEDCOM RM1224
- RUGGEDCOM RX1400 VPE Debian Linux
- RUGGEDCOM RX1400 VPE Linux CloudConnect
- SCALANCE M875
- SCALANCE SC-600
- SCALANCE W1700
- SCALANCE W700 IEEE 802.11n
- SCALANCE WLC711
- SCALANCE WLC712
- SIMATIC CM 1542-1
- SIMATIC ITC1500
- SIMATIC ITC1500 PRO
- SIMATIC ITC1900
- SIMATIC ITC1900 PRO
- SIMATIC ITC2200
- SIMATIC ITC2200 PRO
- SIMATIC MV500
- SIMATIC NET CP 1242-7
- SIMATIC NET CP 1243-1 (incl. SIPLUS NET variants)
- SIMATIC NET CP 1243-7 LTE EU
- SIMATIC NET CP 1243-7 LTE US
- SIMATIC NET CP 1243-8 IRC
- SIMATIC NET CP 1542SP-1
- SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS NET variants)
- SIMATIC NET CP 1543-1 (incl. SIPLUS NET variants)
- SIMATIC NET CP 1543SP-1 (incl. SIPLUS NET variants)
- SIMATIC NET CP 1623
- SIMATIC NET CP 1628
- SIMATIC NET CP 343-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC NET CP 442-1 RNA
- SIMATIC NET CP 443-1 (incl. SIPLUS NET variants)
- SIMATIC NET CP 443-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC NET CP 443-1 OPC UA
- SIMATIC NET CP 443-1 RNA
- SIMATIC RF185C
- SIMATIC RF186C
- SIMATIC RF186CI
- SIMATIC RF188C
- SIMATIC RF188CI
- SIMATIC RF600R
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (incl. SIPLUS variant)
- SINEMA Remote Connect Server
- SINUMERIK 808D
- TIM 1531 IRC (incl. SIPLUS NET variants)
- SIMATIC CFU PA
- SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels
- SIMATIC PROFINET Driver
- SINAMICS G110M V4.7 PN Control Unit
- SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
- RFID 181EIP
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and
- SIMATIC IPC DiagMonitor
- SIMATIC NET CP 1616 and CP 1604
- SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)
- SIMATIC RF600 family
- SIMATIC S7-PLCSIM Advanced
- SIMOCODE pro V EIP (incl. SIPLUS variants)
- SINAMICS G130 V4.6 Control Unit
- SINAMICS G130 V4.7 SP1 Control Unit
- SINAMICS G130 V4.8 Control Unit
- SINAMICS G130 V5.1 Control Unit
- SINAMICS G130 V5.1 SP1 Control Unit
- SINAMICS G150 V4.6 Control Unit
- SINAMICS G150 V4.7 Control Unit
- SINAMICS G150 V4.7 SP1 Control Unit
- SINAMICS G150 V4.8 Control Unit
- SINAMICS G150 V5.1 Control Unit
- SINAMICS G150 V5.1 SP1 Control Unit
- SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S150 V4.6 Control Unit
- SINAMICS S150 V4.7 Control Unit
- SINAMICS S150 V4.7 SP1 Control Unit
- SINAMICS S150 V4.8 Control Unit
- SINAMICS S150 V5.1 Control Unit
- SINAMICS S150 V5.1 SP1 Control Unit
- SINAMICS S210 V5.1 Control Unit
- SINAMICS S210 V5.1 SP1 Control Unit
- SITOP Manager
- SITOP PSU8600
- SITOP UPS1600 (incl. SIPLUS variants)
- SIMATIC IT Production Suite
- SIMATIC PCS 7
- SIMATIC WinCC
- Camstar Enterprise Platform
- Opcenter Execution Core
- SIMATIC RF350M
- SIMATIC RF650M
- SIMOTICS CONNECT 400
- PROFINET Driver for Controller
- SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG
- SCALANCE XM-400 switch family
- SCALANCE XR-500 switch family
- SIMATIC ET200AL IM 157-1 PN
- SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)
- SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)
- SIMATIC ET200pro, IM 154-3 PN HF
- SIMATIC ET200pro, IM 154-4 PN HF
- SIMATIC IPC Support, Package for VxWorks
- SIMATIC MV400 family
- SIMATIC NET CP 343-1 (incl. SIPLUS variants)
- SIMATIC NET CP 343-1 ERPC
- SOFTNET-IE PNIO
- Desigo CC
- Desigo CC Compact
- Opcenter Execution Discrete
- Opcenter Execution Foundation
- Opcenter Execution Process
- Opcenter Intelligence
- Opcenter Quality
- Opcenter RD&L
- SIMATIC IT LMS
- SIMATIC Notifier Server for Windows
- SIMOCODE ES
- Soft Starter ES
- IE/PB LINK PN IO (incl. SIPLUS NET variants)
- SIMATIC NET CP 1626
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Bypass of a protection mechanism
- Denial of service attack (DoS)
- Execute arbitrary code
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-941426.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-913875.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-772220.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-729965.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-675303.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-661034.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-641963.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-622535.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-599968.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-560465.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-483182.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-448291.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-434536.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-434535.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-373591.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-352521.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-209268.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-173615.txt
Last updated at 14 July, 2021
Rate the content
Share the page
