Siemens Updates
2539Warning Date
Severity Level
Warning Number
Target Sector
15 March, 2020
● High
2020-1016
All
Description:
Siemens has released security updates to address vulnerabilities in the following products:
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
- PROFINET Driver for Controller
- RUGGEDCOM RM1224
- SCALANCE M-800 / S615
- SCALANCE W700 IEEE 802.11n
- SCALANCE X-200 switch family (incl. SIPLUS NET variants)
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
- SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG
- SCALANCE XM-400 switch family
- SCALANCE XR-500 switch family
- SIMATIC CP 1616 and CP 1604
- SIMATIC CP 343-1 (incl. SIPLUS NET variants)
- SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC CP 343-1 ERPC
- SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 OPC UA
- SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC ET200AL IM 157-1 PN
- SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
- SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)
- SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
- SIMATIC ET200pro, IM 154-3 PN HF
- SIMATIC ET200pro, IM 154-4 PN HF
- SIMATIC ET200S (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
- SIMATIC IPC Support, Package for VxWorks
- SIMATIC MV400 family
- SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)
- SIMATIC RF180C
- SIMATIC RF182C
- SIMATIC RF600 family
- SIMATIC S7 PLCSIM Advanced
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-1500 Software Controller
- SINAMICS DCP
- SOFTNET-IE PNIO
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Man in the middle attack
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates: