ICSA-12-348-01
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
Siemens ProcessSuite and Invensys Intouch Poorly Encrypted Password File
CVSS 1.9
LOW
CVEs (1)
Remediations
- Systems running ProcessSuite are outdated in many aspects and cannot support the latest recommended security practices. As this software is discontinued, Siemens strongly recommends upgrading to a more recent HMI for APACS+.a Further information on migration options to PCS 7 / APACS+ OS along with technical support can be located at the Siemens APACS Web site.
- Invensys recommends using Windows integrated security features or migrating the HMI and OS to versions currently supported and then install their security update. Please consult with Wonderware Technical Support for help with the update.
- Schneider Electric has released a security bulletin titled “Weak Encryption for InTouch Passwords (LFSEC00000080)” to announce the security update, which is available at the following location: (https://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000080.pdf)
Affected Vendors
Siemens ; Invensys Wonderware
Affected Products (2)
Siemens ; Invensys Wonderware
·
Siemens ProcessSuite
vers:all/*
Siemens ; Invensys Wonderware
·
Invensys Wonderware InTouch 2012
<=R2
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more