Siemens Updates
2882Warning Date
Severity Level
Warning Number
Target Sector
11 March, 2020
● Critical
2020-1006
All - Energy - Manufacturing
Description:
Siemens has released security updates to address vulnerabilities in the following products:
- SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC S7 PLCSIM Advanced
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-1500 Software Controller
- OpenPCS 7 V8.1
- OpenPCS 7 V8.2
- OpenPCS 7 V9.0
- SIMATIC BATCH V8.1
- SIMATIC BATCH V8.2
- SIMATIC BATCH V9.0
- SIMATIC NET PC Software
- SIMATIC PCS 7 V8.1
- SIMATIC PCS 7 V8.2
- SIMATIC PCS 7 V9.0
- SIMATIC Route Control V8.1
- SIMATIC Route Control V8.2
- SIMATIC Route Control V9.0
- SIMATIC WinCC (TIA Portal) V13
- SIMATIC WinCC (TIA Portal) V14.0.1
- SIMATIC WinCC (TIA Portal) V15.1
- SIMATIC WinCC (TIA Portal) V16
- SIMATIC WinCC V7.3
- SIMATIC WinCC V7.4
- SIMATIC WinCC V7.5
- SIMATIC CP 1626
- SIMATIC HMI Panel (incl. SIPLUS variants)
- SIMATIC STEP 7 (TIA Portal)
- SIMATIC WinCC (TIA Portal)
- SIMATIC WinCC OA
- SIMATIC WinCC Runtime Advanced
- SIMATIC WinCC Runtime Professional
- TIM 1531 IRC (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 OPC UA
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and
- SIMATIC IPC DiagMonitor
- SIMATIC RF188C
- SIMATIC RF600R
- SINEC-NMS
- SINEMA Server
- SINUMERIK OPC UA Server
- TeleControl Server Basic
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
- SIMATIC CP1604
- SIMATIC CP1616
- SIMATIC ET200M (incl. SIPLUS variants)
- SIMATIC ET200S (incl. SIPLUS variants)
- SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
- SIMATIC ET200pro
- SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
- SIMATIC WinAC RTX (F) 2010
- SIMOTION (incl. SIPLUS variants)
- SINAMICS DCM
- SINAMICS DCP
- SINAMICS G110M V4.7 Control Unit
- SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)
- SINAMICS G130 V4.7 Control Unit
- SINAMICS G150 Control Unit
- SINAMICS GH150 V4.7 Control Unit
- SINAMICS GL150 V4.7 Control Unit
- SINAMICS GM150 V4.7 Control Unit
- SINAMICS S110 Control Unit
- SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
- SINAMICS S150 Control Unit
- SINAMICS SL150 V4.7 Control Unit
- SINAMICS SM120 V4.7 Control Unit
- SINUMERIK 828D
- SINUMERIK 840D sl
- SIMATIC Field PG M4
- SIMATIC Field PG M5
- SIMATIC Field PG M6
- SIMATIC IPC127E
- SIMATIC IPC427C
- SIMATIC IPC427D (incl. SIPLUS variants)
- SIMATIC IPC427E (incl. SIPLUS variants)
- SIMATIC IPC477C
- SIMATIC IPC477D
- SIMATIC IPC477E
- SIMATIC IPC477E Pro
- SIMATIC IPC527G
- SIMATIC IPC547E
- SIMATIC IPC547G
- SIMATIC IPC627C
- SIMATIC IPC627D
- SIMATIC IPC627E
- SIMATIC IPC647C
- SIMATIC IPC647D
- SIMATIC IPC647E
- SIMATIC IPC677C
- SIMATIC IPC677D
- SIMATIC IPC677E
- SIMATIC IPC827C
- SIMATIC IPC827D
- SIMATIC IPC827E
- SIMATIC IPC847C
- SIMATIC IPC847D
- SIMATIC IPC847E
- SIMATIC ITP1000
- SIMOTION P320-4E
- SIMOTION P320-4S
- SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS
- SPPA-T3000 Application Server
- SPPA-T3000 MS3000 Migration Server
- CloudConnect 712
- ROX II
- RUGGEDCOM APE1404 Linux
- RUGGEDCOM RM1224
- RUGGEDCOM RX1400 VPE Debian Linux
- RUGGEDCOM RX1400 VPE Linux CloudConnect
- SCALANCE M-800
- SCALANCE M875
- SCALANCE S615
- SCALANCE SC-600
- SCALANCE W1700
- SCALANCE W700 (IEEE 802.11n)
- SCALANCE WLC711
- SCALANCE WLC712
- SIMATIC CM 1542-1
- SIMATIC CP 1242-7
- SIMATIC CP 1243-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1243-7 LTE EU
- SIMATIC CP 1243-7 LTE US
- SIMATIC CP 1243-8 IRC
- SIMATIC CP 1542SP-1
- SIMATIC CP 1542SP-1 IRC (incl. SIPLUS NET variants)
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1623
- SIMATIC CP 1628
- SIMATIC ITC1500
- SIMATIC ITC1500 PRO
- SIMATIC ITC1900
- SIMATIC ITC1900 PRO
- SIMATIC ITC2200
- SIMATIC ITC2200 PRO
- SIMATIC MV500
- SIMATIC RF185C
- SIMATIC RF186C
- SIMATIC RF186CI
- SIMATIC RF188CI
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (incl. SIPLUS variant)
- SIMATIC TeleService Adapter IE Advanced
- SIMATIC TeleService Adapter IE Basic
- SINEMA Remote Connect Server
- SINUMERIK 808D
- SIMATIC CFU PA
- SIMATIC ET200AL
- SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
- SIMATIC PROFINET Driver
- SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
- SINAMICS G110M V4.7 PN Control Unit
- SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
- RFID 181EIP
- SIMATIC CP 1616 and CP 1604
- SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC RF182C
- SIMATIC RF600 family
- SIMATIC S7-PLCSIM Advanced
- SIMATIC Teleservice Adapter IE Standard
- SIMOCODE pro V EIP (incl. SIPLUS variants)
- SIMOCODE pro V PN (incl. SIPLUS variants)
- SINAMICS G130 V4.6 Control Unit
- SINAMICS G130 V4.7 SP1 Control Unit
- SINAMICS G130 V4.8 Control Unit
- SINAMICS G130 V5.1 Control Unit
- SINAMICS G130 V5.1 SP1 Control Unit
- SINAMICS G150 V4.6 Control Unit
- SINAMICS G150 V4.7 Control Unit
- SINAMICS G150 V4.7 SP1 Control Unit
- SINAMICS G150 V4.8 Control Unit
- SINAMICS G150 V5.1 Control Unit
- SINAMICS G150 V5.1 SP1 Control Unit
- SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)
- SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)
- SINAMICS S150 V4.6 Control Unit
- SINAMICS S150 V4.7 Control Unit
- SINAMICS S150 V4.7 SP1 Control Unit
- SINAMICS S150 V4.8 Control Unit
- SINAMICS S150 V5.1 Control Unit
- SINAMICS S150 V5.1 SP1 Control Unit
- SINAMICS S210 V5.1 Control Unit
- SINAMICS S210 V5.1 SP1 Control Unit
- SITOP Manager
- SITOP PSU8600
- SITOP UPS1600 (incl. SIPLUS variants)
- SIMATIC IPC2X7E
- SIMATIC IPC3000 SMART V2
- SIMATIC IPC327E
- SIMATIC IPC347E
- SIMATIC IPC377E
- SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB:6ES7518-4FX00-1AC0,
- SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (incl. SIPLUS variant,
- SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3)
- SINUMERIK PCU 50.5
- SINUMERIK Panels with integrated TCU
- SINUMERIK TCU 30.3
- PROFINET Driver for Controller
- SCALANCE M-800 / S615
- SCALANCE W700 IEEE 802.11n
- SCALANCE X-200 switch family (incl. SIPLUS NET variants)
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
- SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG
- SCALANCE XM-400 switch family
- SCALANCE XR-500 switch family
- SIMATIC CP 343-1 (incl. SIPLUS NET variants)
- SIMATIC CP 343-1 ERPC
- SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants)
- SIMATIC ET200AL IM 157-1 PN
- SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)
- SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)
- SIMATIC ET200pro, IM 154-3 PN HF
- SIMATIC ET200pro, IM 154-4 PN HF
- SIMATIC IPC Support, Package for VxWorks
- SIMATIC MV400 family
- SIMATIC RF180C
- SOFTNET-IE PNIO
- SiNVR 3 Central Control Server (CCS)
- SiNVR 3 Video Server
- Spectrum Power™ 5
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS) -remotely
- Cross-site scripting (XSS)
- SQL injection
- Escalation of privilege
- Execute arbitrary code -remotely
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-508982.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-938930.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-398519.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-431678.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-451445.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-750824.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-780073.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-232418.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-273799.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-349422.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-473245.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-462066.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-731239.txt