Your review has been sent successfully

Siemens Updates

2882
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

11 March, 2020

● Critical

2020-1006

All - Energy - Manufacturing

Description:

Siemens has released security updates to address vulnerabilities in the following products:

  • SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
  • SIMATIC S7 PLCSIM Advanced
  • SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
  • SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
  • SIMATIC S7-1500 Software Controller
  • OpenPCS 7 V8.1
  • OpenPCS 7 V8.2
  • OpenPCS 7 V9.0
  • SIMATIC BATCH V8.1
  • SIMATIC BATCH V8.2
  • SIMATIC BATCH V9.0
  • SIMATIC NET PC Software
  • SIMATIC PCS 7 V8.1
  • SIMATIC PCS 7 V8.2
  • SIMATIC PCS 7 V9.0
  • SIMATIC Route Control V8.1
  • SIMATIC Route Control V8.2
  • SIMATIC Route Control V9.0
  • SIMATIC WinCC (TIA Portal) V13
  • SIMATIC WinCC (TIA Portal) V14.0.1
  • SIMATIC WinCC (TIA Portal) V15.1
  • SIMATIC WinCC (TIA Portal) V16
  • SIMATIC WinCC V7.3
  • SIMATIC WinCC V7.4
  • SIMATIC WinCC V7.5
  • SIMATIC CP 1626
  • SIMATIC HMI Panel (incl. SIPLUS variants)
  • SIMATIC STEP 7 (TIA Portal)
  • SIMATIC WinCC (TIA Portal)
  • SIMATIC WinCC OA
  • SIMATIC WinCC Runtime Advanced
  • SIMATIC WinCC Runtime Professional
  • TIM 1531 IRC (incl. SIPLUS NET variants)
  • SIMATIC CP 443-1 OPC UA
  • SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
  • SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
  • SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and
  • SIMATIC IPC DiagMonitor
  • SIMATIC RF188C
  • SIMATIC RF600R
  • SINEC-NMS
  • SINEMA Server
  • SINUMERIK OPC UA Server
  • TeleControl Server Basic
  • Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet
  • Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
  • Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
  • SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
  • SIMATIC CP1604
  • SIMATIC CP1616
  • SIMATIC ET200M (incl. SIPLUS variants)
  • SIMATIC ET200S (incl. SIPLUS variants)
  • SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
  • SIMATIC ET200pro
  • SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
  • SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
  • SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
  • SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
  • SIMATIC WinAC RTX (F) 2010
  • SIMOTION (incl. SIPLUS variants)
  • SINAMICS DCM
  • SINAMICS DCP
  • SINAMICS G110M V4.7 Control Unit
  • SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)
  • SINAMICS G130 V4.7 Control Unit
  • SINAMICS G150 Control Unit
  • SINAMICS GH150 V4.7 Control Unit
  • SINAMICS GL150 V4.7 Control Unit
  • SINAMICS GM150 V4.7 Control Unit
  • SINAMICS S110 Control Unit
  • SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
  • SINAMICS S150 Control Unit
  • SINAMICS SL150 V4.7 Control Unit
  • SINAMICS SM120 V4.7 Control Unit
  • SINUMERIK 828D
  • SINUMERIK 840D sl
  • SIMATIC Field PG M4
  • SIMATIC Field PG M5
  • SIMATIC Field PG M6
  • SIMATIC IPC127E
  • SIMATIC IPC427C
  • SIMATIC IPC427D (incl. SIPLUS variants)
  • SIMATIC IPC427E (incl. SIPLUS variants)
  • SIMATIC IPC477C
  • SIMATIC IPC477D
  • SIMATIC IPC477E
  • SIMATIC IPC477E Pro
  • SIMATIC IPC527G
  • SIMATIC IPC547E
  • SIMATIC IPC547G
  • SIMATIC IPC627C
  • SIMATIC IPC627D
  • SIMATIC IPC627E
  • SIMATIC IPC647C
  • SIMATIC IPC647D
  • SIMATIC IPC647E
  • SIMATIC IPC677C
  • SIMATIC IPC677D
  • SIMATIC IPC677E
  • SIMATIC IPC827C
  • SIMATIC IPC827D
  • SIMATIC IPC827E
  • SIMATIC IPC847C
  • SIMATIC IPC847D
  • SIMATIC IPC847E
  • SIMATIC ITP1000
  • SIMOTION P320-4E
  • SIMOTION P320-4S
  • SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS
  • SPPA-T3000 Application Server
  • SPPA-T3000 MS3000 Migration Server
  • CloudConnect 712
  • ROX II
  • RUGGEDCOM APE1404 Linux
  • RUGGEDCOM RM1224
  • RUGGEDCOM RX1400 VPE Debian Linux
  • RUGGEDCOM RX1400 VPE Linux CloudConnect
  • SCALANCE M-800
  • SCALANCE M875
  • SCALANCE S615
  • SCALANCE SC-600
  • SCALANCE W1700
  • SCALANCE W700 (IEEE 802.11n)
  • SCALANCE WLC711
  • SCALANCE WLC712
  • SIMATIC CM 1542-1
  • SIMATIC CP 1242-7
  • SIMATIC CP 1243-1 (incl. SIPLUS NET variants)
  • SIMATIC CP 1243-7 LTE EU
  • SIMATIC CP 1243-7 LTE US
  • SIMATIC CP 1243-8 IRC
  • SIMATIC CP 1542SP-1
  • SIMATIC CP 1542SP-1 IRC (incl. SIPLUS NET variants)
  • SIMATIC CP 1543-1 (incl. SIPLUS NET variants)
  • SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants)
  • SIMATIC CP 1623
  • SIMATIC CP 1628
  • SIMATIC ITC1500
  • SIMATIC ITC1500 PRO
  • SIMATIC ITC1900
  • SIMATIC ITC1900 PRO
  • SIMATIC ITC2200
  • SIMATIC ITC2200 PRO
  • SIMATIC MV500
  • SIMATIC RF185C
  • SIMATIC RF186C
  • SIMATIC RF186CI
  • SIMATIC RF188CI
  • SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (incl. SIPLUS variant)
  • SIMATIC TeleService Adapter IE Advanced
  • SIMATIC TeleService Adapter IE Basic
  • SINEMA Remote Connect Server
  • SINUMERIK 808D
  • SIMATIC CFU PA
  • SIMATIC ET200AL
  • SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
  • SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
  • SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
  • SIMATIC HMI KTP Mobile Panels
  • SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
  • SIMATIC PROFINET Driver
  • SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
  • SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
  • SINAMICS G110M V4.7 PN Control Unit
  • SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
  • RFID 181EIP
  • SIMATIC CP 1616 and CP 1604
  • SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants)
  • SIMATIC CP 443-1 (incl. SIPLUS NET variants)
  • SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)
  • SIMATIC RF182C
  • SIMATIC RF600 family
  • SIMATIC S7-PLCSIM Advanced
  • SIMATIC Teleservice Adapter IE Standard
  • SIMOCODE pro V EIP (incl. SIPLUS variants)
  • SIMOCODE pro V PN (incl. SIPLUS variants)
  • SINAMICS G130 V4.6 Control Unit
  • SINAMICS G130 V4.7 SP1 Control Unit
  • SINAMICS G130 V4.8 Control Unit
  • SINAMICS G130 V5.1 Control Unit
  • SINAMICS G130 V5.1 SP1 Control Unit
  • SINAMICS G150 V4.6 Control Unit
  • SINAMICS G150 V4.7 Control Unit
  • SINAMICS G150 V4.7 SP1 Control Unit
  • SINAMICS G150 V4.8 Control Unit
  • SINAMICS G150 V5.1 Control Unit
  • SINAMICS G150 V5.1 SP1 Control Unit
  • SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)
  • SINAMICS S150 V4.6 Control Unit
  • SINAMICS S150 V4.7 Control Unit
  • SINAMICS S150 V4.7 SP1 Control Unit
  • SINAMICS S150 V4.8 Control Unit
  • SINAMICS S150 V5.1 Control Unit
  • SINAMICS S150 V5.1 SP1 Control Unit
  • SINAMICS S210 V5.1 Control Unit
  • SINAMICS S210 V5.1 SP1 Control Unit
  • SITOP Manager
  • SITOP PSU8600
  • SITOP UPS1600 (incl. SIPLUS variants)
  • SIMATIC IPC2X7E
  • SIMATIC IPC3000 SMART V2
  • SIMATIC IPC327E
  • SIMATIC IPC347E
  • SIMATIC IPC377E
  • SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB:6ES7518-4FX00-1AC0,
  • SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (incl. SIPLUS variant,
  • SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3)
  • SINUMERIK PCU 50.5
  • SINUMERIK Panels with integrated TCU
  • SINUMERIK TCU 30.3
  • PROFINET Driver for Controller
  • SCALANCE M-800 / S615
  • SCALANCE W700 IEEE 802.11n
  • SCALANCE X-200 switch family (incl. SIPLUS NET variants)
  • SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
  • SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG
  • SCALANCE XM-400 switch family
  • SCALANCE XR-500 switch family
  • SIMATIC CP 343-1 (incl. SIPLUS NET variants)
  • SIMATIC CP 343-1 ERPC
  • SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants)
  • SIMATIC ET200AL IM 157-1 PN
  • SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)
  • SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)
  • SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)
  • SIMATIC ET200pro, IM 154-3 PN HF
  • SIMATIC ET200pro, IM 154-4 PN HF
  • SIMATIC IPC Support, Package for VxWorks
  • SIMATIC MV400 family
  • SIMATIC RF180C
  • SOFTNET-IE PNIO
  • SiNVR 3 Central Control Server (CCS)
  • SiNVR 3 Video Server
  • Spectrum Power™ 5

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Denial of service attack (DoS) -remotely
  • Cross-site scripting (XSS)
  • SQL injection
  • Escalation of privilege
  • Execute arbitrary code -remotely

Best practice and Recommendations:

The CERT team encourages users to review Siemens security advisory and apply the necessary updates:

Last updated at 11 March, 2020

Rate the content

rate-icon
up icon