ICSA-12-205-02 · Published 2025-06-06
Siemens SIMATIC STEP 7 DLL Vulnerability
CVSS 6.9
MEDIUM
CVEs (1)
Remediations
- Siemens has provided the STEP 7 software update V5.5 SP1 (equivalent to V5.5.1) that resolves the vulnerability, but recommends that the latest Service Pack, V5.5 SP2 (Service Pack 2 for STEP 7 V5.5 and STEP 7 Professional 2010, http://support.automation.siemens.com/WW/view/en/57026339), be installed as soon as possible. SIMATIC PCS 7 users should also apply this update.
- The updates implement a mechanism that rejects DLLs containing executable code in the STEP 7 project folders, thus preventing unintended execution of unchecked code. For further information, please review Siemens Security Advisory SSA-110665 (https://cert-portal.siemens.com/productcert/pdf/ssa-110665.pdf), which can be found on the Siemens ProductCERT website.
Affected Vendors
Siemens
Affected Products (2)
- Siemens · SIMATIC STEP 7: <V5.5_Service_Pack_1_V5.5.1_equivalent
- Siemens · SIMATIC PCS 7: <=V7.1_SP3