ICSA-15-050-01A · Published 2025-06-06
Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities (Update A)
CVSS 6.8 (MEDIUM)
CVEs (2)
Remediations
- Siemens provides Update 1 for SIMATIC STEP 7 (TIA Portal) V13 SP1, which fixes the vulnerabilities. The update can be obtained here: https://support.industry.siemens.com/cs/ww/en/view/109311724
- Siemens also provides Update 5 for SIMATIC STEP 7 (TIA Portal) V12 SP1 to fix the vulnerabilities. Update 5 can be obtained here: https://support.industry.siemens.com/cs/ww/en/view/78683919
- After applying the update, Siemens strongly recommends changing the protection-level and web server passwords.
- As a general security measure, Siemens also strongly recommends protecting network access with appropriate mechanisms. It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment. An overview of the operational guidelines for Industrial Security (with the cell protection concept) is available at: http://www.industry.siemens.com/topics/global/en/industrial-security/Documents/operational_guidelines_industrial_security_en.pdf
- For more information on these vulnerabilities and detailed instructions, please see Siemens Security Advisory SSA-315836 at the following location: http://www.siemens.com/cert/advisories
Affected Vendors
Siemens
Affected Products (2)
- Siemens · SIMATIC STEP 7 (TIA Portal) V13: <V13_SP1_Upd1
- Siemens · SIMATIC STEP 7 (TIA Portal) V12: <V12_SP1_Upd5