The official site for Saudi CERT
Siemens Updates
2428
Warning Date
Severity Level
Warning Number
Target Sector
15 April, 2020
● High
2020-1144
All - Manufacturing
Description:
Siemens has released security updates to address vulnerabilities in the following products:
- APOGEE MEC/MBC/PXC (P2)
- APOGEE PXC Series (BACnet)
- APOGEE PXC Series (P2)
- Climatix POL908 (BACnet/IP module)
- Climatix POL909 (AWM module)
- CloudConnect 712
- Desigo PXC (Power PC)
- Desigo PXM20 (Power PC)
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
- IE/PB-Link V3
- KTK ATE530S
- OpenPCS 7 V8.1
- OpenPCS 7 V8.2
- OpenPCS 7 V9.0
- ROX II
- RUGGEDCOM APE1404 Linux
- RUGGEDCOM RM1224
- RUGGEDCOM ROX II
- RUGGEDCOM RX1400 VPE Debian Linux
- RUGGEDCOM RX1400 VPE Linux CloudConnect
- SCALANCE M-800
- SCALANCE M-800 family
- SCALANCE M875
- SCALANCE S615
- SCALANCE SC-600
- SCALANCE W1700
- SCALANCE W1700 IEEE 802.11ac
- SCALANCE W700 IEEE 802.11a/b/g/n
- SCALANCE W700 IEEE 802.11n
- SCALANCE WLC711
- SCALANCE WLC712
- SCALANCE X-200 switch family (incl. SIPLUS NET variants)
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
- SIDOOR ATD430W
- SIDOOR ATE530S COATED
- SIDOOR ATE531S
- SIMATIC BATCH V8.1
- SIMATIC BATCH V8.2
- SIMATIC BATCH V9.0
- SIMATIC CFU PA
- SIMATIC CM 1542-1
- SIMATIC CP 1242-7
- SIMATIC CP 1243-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1243-7 LTE EU
- SIMATIC CP 1243-7 LTE US
- SIMATIC CP 1243-8 IRC
- SIMATIC CP 1542SP-1
- SIMATIC CP 1542SP-1 IRC (incl. SIPLUS NET variants)
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1623
- SIMATIC CP 1628
- SIMATIC CP 443-1 (incl. SIPLUS NET variants)
- SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC ET200AL
- SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)
- SIMATIC ET200M (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)
- SIMATIC ET200pro
- SIMATIC ET200S (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 MF HF
- SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
- SIMATIC Field PG M4
- SIMATIC Field PG M5
- SIMATIC Field PG M6
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
- SIMATIC HMI KTP Mobile Panels
- SIMATIC IPC127E
- SIMATIC IPC427C
- SIMATIC IPC427D (incl. SIPLUS variants)
- SIMATIC IPC427E (incl. SIPLUS variants)
- SIMATIC IPC477C
- SIMATIC IPC477D
- SIMATIC IPC477E
- SIMATIC IPC477E Pro
- SIMATIC IPC527G
- SIMATIC IPC547E
- SIMATIC IPC547G
- SIMATIC IPC627C
- SIMATIC IPC627D
- SIMATIC IPC627E
- SIMATIC IPC647C
- SIMATIC IPC647D
- SIMATIC IPC647E
- SIMATIC IPC677C
- SIMATIC IPC677D
- SIMATIC IPC677E
- SIMATIC IPC827C
- SIMATIC IPC827D
- SIMATIC IPC827E
- SIMATIC IPC847C
- SIMATIC IPC847D
- SIMATIC IPC847E
- SIMATIC ITC1500
- SIMATIC ITC1500 PRO
- SIMATIC ITC1900
- SIMATIC ITC1900 PRO
- SIMATIC ITC2200
- SIMATIC ITC2200 PRO
- SIMATIC ITP1000
- SIMATIC MICRO-DRIVE PDC
- SIMATIC MV500
- SIMATIC NET PC Software
- SIMATIC PCS 7 V8.1
- SIMATIC PCS 7 V8.2
- SIMATIC PCS 7 V9.0
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
- SIMATIC PROFINET Driver
- SIMATIC RF180C
- SIMATIC RF182C
- SIMATIC RF185C
- SIMATIC RF186C
- SIMATIC RF186CI
- SIMATIC RF188C
- SIMATIC RF188CI
- SIMATIC RF600R
- SIMATIC Route Control V8.1
- SIMATIC Route Control V8.2
- SIMATIC Route Control V9.0
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (incl. SIPLUS variant)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-1500 Software Controller
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-400 CPU 412-2 PN (6ES7412-2EK06-0AB0, incl. SIPLUS variants)
- SIMATIC S7-400 CPU 414-3 PN/DP (6ES7414-3EM05-0AB0)
- SIMATIC S7-400 CPU 414-3 PN/DP and CPU 414F-3 PN/DP (6ES7414-3EM06-0AB0
- SIMATIC S7-400 CPU 416-3 PN/DP (6ES7416-3ER05-0AB0, incl. SIPLUS
- SIMATIC S7-400 CPU 416-3 PN/DP and CPU 416F-3 PN (6ES7416-3ES06-0AB0 and
- SIMATIC S7-400 CPU 416F-3 PN/DP (6ES7416-3FR05-0AB0)
- SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
- SIMATIC TDC CP51M1
- SIMATIC TDC CPU555
- SIMATIC TeleService Adapter IE Advanced
- SIMATIC TeleService Adapter IE Basic
- SIMATIC WinAC RTX (F) 2010
- SIMATIC WinCC (TIA Portal) V13
- SIMATIC WinCC (TIA Portal) V14.0.1
- SIMATIC WinCC (TIA Portal) V15.1
- SIMATIC WinCC (TIA Portal) V16
- SIMATIC WinCC V7.3
- SIMATIC WinCC V7.4
- SIMATIC WinCC V7.5
- SIMOTICS CONNECT 400
- SIMOTION P320-4E
- SIMOTION P320-4S
- SINAMICS DCM
- SINAMICS DCP
- SINAMICS G110M V4.7 PN Control Unit
- SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)
- SINAMICS G130 V4.7 Control Unit
- SINAMICS G150 Control Unit
- SINAMICS GH150 V4.7 Control Unit
- SINAMICS GL150 V4.7 Control Unit
- SINAMICS GM150 V4.7 Control Unit
- SINAMICS S/G Control Unit w. PROFINET
- SINAMICS S110 Control Unit
- SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)
- SINAMICS S150 Control Unit
- SINAMICS SL150 V4.7 Control Unit
- SINAMICS SM120 V4.7 Control Unit
- SINEMA Remote Connect Server
- SINUMERIK 808D
- SINUMERIK 828D
- SINUMERIK 840D sl
- TALON TC Series (BACnet)
- TIA Portal V14
- TIA Portal V15
- TIA Portal V16
- TIM 1531 IRC (incl. SIPLUS NET variants)
- TIM 3V-IE (incl. SIPLUS NET variants)
- TIM 3V-IE Advanced (incl. SIPLUS NET variants)
- TIM 3V-IE DNP3 (incl. SIPLUS NET variants)
- TIM 4R-IE (incl. SIPLUS NET variants)
- TIM 4R-IE DNP3 (incl. SIPLUS NET variants)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS) -remotely
- Execute arbitrary code
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-617264.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-589272.txt
- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
- https://cert-portal.siemens.com/productcert/txt/ssb-382508.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-629512.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-473245.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-462066.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-431678.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-398519.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-886514.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-377115.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-359303.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-162506.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-102233.txt
Rate the content
Share the page
