Siemens Updates
2141Warning Date
Severity Level
Warning Number
Target Sector
13 May, 2020
● High
2020-1231
All - Manufacturing
Description:
Siemens has released security updates to address vulnerabilities in the following products:
- OpenPCS 7 V8.1
- OpenPCS 7 V8.2
- OpenPCS 7 V9.0
- SIMATIC BATCH V8.1
- SIMATIC BATCH V8.2
- SIMATIC BATCH V9.0
- SIMATIC NET PC Software
- SIMATIC PCS 7 V8.1
- SIMATIC PCS 7 V8.2
- SIMATIC PCS 7 V9.0
- SIMATIC Route Control V8.1
- SIMATIC Route Control V8.2
- SIMATIC Route Control V9.0
- SIMATIC WinCC (TIA Portal) V13
- SIMATIC WinCC (TIA Portal) V14
- SIMATIC WinCC (TIA Portal) V15.1
- SIMATIC WinCC (TIA Portal) V16
- SIMATIC WinCC V7.3
- SIMATIC WinCC V7.4
- SIMATIC WinCC V7.5
- Siemens Power Meters Series 9410
- Siemens Power Meters Series 9810
- RUGGEDCOM RM1224
- RUGGEDCOM ROX II
- SCALANCE M-800 family
- SCALANCE S615
- SCALANCE SC-600
- SCALANCE W1700 IEEE 802.11ac
- SCALANCE W700 IEEE 802.11a/b/g/n
- SIMATIC CP 1242-7
- SIMATIC CP 1243-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1243-7 LTE EU
- SIMATIC CP 1243-7 LTE US
- SIMATIC CP 1243-8 IRC
- SIMATIC CP 1542SP-1
- SIMATIC CP 1542SP-1 IRC (incl. SIPLUS NET variants)
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants)
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants)
- SIMATIC RF185C
- SIMATIC RF186C
- SIMATIC RF186CI
- SIMATIC RF188C
- SIMATIC RF188CI
- SINEMA Remote Connect Server
- SINAMICS GH150 V4.7 (Control Unit)
- SINAMICS GH150 V4.8 (Control Unit)
- SINAMICS GL150 V4.7 (Control Unit)
- SINAMICS GL150 V4.8 (Control Unit)
- SINAMICS GM150 V4.7 (Control Unit)
- SINAMICS GM150 V4.8 (Control Unit)
- SINAMICS SL150 V4.7 (Control Unit)
- SINAMICS SL150 V4.8 (Control Unit)
- SINAMICS SM120 V4.7 (Control Unit)
- SINAMICS SM120 V4.8 (Control Unit)
- SINAMICS SM150 V4.8 (Control Unit)
- KTK ATE530S
- SIDOOR ATD430W
- SIDOOR ATE530S COATED
- SIDOOR ATE531S
- SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 MF HF
- SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
- SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
- SIMATIC MICRO-DRIVE PDC
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS
- SIMATIC S7-1500 Software Controller
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)
- SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)
- SIMATIC S7-410 CPU family (incl. SIPLUS variants)
- SIMATIC TDC CP51M1
- SIMATIC TDC CPU555
- SIMATIC WinAC RTX (F) 2010
- SINAMICS S/G Control Unit w. PROFINET
- SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,
- SIPROTEC 5 device types 7SS85 and 7KE85
- All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and
- SIPROTEC 5 device types with CPU variants CP200 and the respective
- DIGSI 5 engineering software
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS) -remotely
- Execute arbitrary code
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-530931.txt
- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-377115.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt