Siemens Updates
1845Warning Date
Severity Level
Warning Number
Target Sector
14 April, 2021
● High
2021-2763
All
Description:
Siemens has released security updates to address several vulnerabilities in the following products:
- Control Center Server (CCS)
- LOGO! Soft Comfort
- Nucleus 4
- Nucleus NET
- Nucleus ReadyStart
- Nucleus RTOS
- Nucleus Source Code
- Opcenter Quality
- QMS Automotive
- SCALANCE X200-4P IRT
- SCALANCE X201-3P IRT
- SCALANCE X201-3P IRT PRO
- SCALANCE X202-2 IRT
- SCALANCE X202-2P IRT (incl. SIPLUS NET variant)
- SCALANCE X202-2P IRT PRO
- SCALANCE X204 IRT
- SCALANCE X204 IRT PRO
- SCALANCE X204-2 (incl. SIPLUS NET variant)
- SCALANCE X204-2FM
- SCALANCE X204-2LD (incl. SIPLUS NET variant)
- SCALANCE X204-2LD TS
- SCALANCE X204-2TS
- SCALANCE X206-1
- SCALANCE X206-1LD
- SCALANCE X208 (incl. SIPLUS NET variant)
- SCALANCE X208PRO
- SCALANCE X212-2 (incl. SIPLUS NET variant)
- SCALANCE X212-2LD
- SCALANCE X216
- SCALANCE X224
- SCALANCE XF201-3P IRT
- SCALANCE XF202-2P IRT
- SCALANCE XF204
- SCALANCE XF204 IRT
- SCALANCE XF204-2 (incl. SIPLUS NET variant)
- SCALANCE XF204-2BA IRT
- SCALANCE XF206-1
- SCALANCE XF208
- SIMOTICS CONNECT 400
- SINEMA Remote Connect Server
- Siveillance Video Open Network Bridge
- Solid Edge SE2020
- Solid Edge SE2021
- Tecnomatix RobotExpert
- TIM 4R-IE (incl. SIPLUS NET variants)
- TIM 4R-IE DNP3 (incl. SIPLUS NET variants)
- VSTAR
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Unauthorized disclosure of information
- Execute arbitrary code -remotely
- Spoofing attacks
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-163226.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-185699.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-187092.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-201384.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-292794.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-497656.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-574442.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-669158.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-705111.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-788287.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-853866.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-983300.txt