← Back to home
ICSA-14-105-03B  ·  Published 2025-06-09  ·  View on CISA ICS-CERT ↗

Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B)

CVSS 7.5 HIGH CISA KEV — Known Exploited

CVEs (1)

Remediations

  • eLAN-8.2. To obtain the update to Version 8.3.3, submit a support request online at: (http://www.siemens.com/automation/support-request)
  • WinCC OA V3.12. The update for WinCC OA 3.12 can be obtained here (login required): (https://portal.etm.at/index.php?option=com_content&view=category&id=65&layout=blog&Itemid=80)
  • CP-1543-1 V1.1. The update for CP-1543 V1.1 can be obtained here: (http://support.automation.siemens.com/WW/view/en/92417421)
  • APE 2.0. The update for APE can be obtained here: (http://www.ruggedcom.com/support/appnotes/)
  • S7-1500 V1.5. The update for S7-1500 V1.5 can be obtained here: (http://support.automation.siemens.com/WW/view/en/67295862/133100)
  • S7-1500 V1.5. The update for S7-1500 Failsafe V1.5 can be obtained here: (http://support.automation.siemens.com/WW/view/en/87493352/133100)

Affected Vendors

Siemens

Affected Products (5)

Siemens · eLAN-8.2 eLAN (when RIP is used) <8.3.3
Siemens · WinCC OA only V3.12
Siemens · S7-1500 (when HTTPS active) V1.5
Siemens · CP1543-1 (when FTPS active) V1.1
Siemens · APE 2.0 (when SSL/TLS component is used in customer implementation) vers:all/*

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more