Siemens SIMATIC HMI Devices Vulnerabilities (Update E)

CVEs (1)

Remediations

• SIMATIC HMI Basic Panels 2nd Generation: Update to WinCC (TIA Portal) V13 SP1 Upd2: (https://support.industry.siemens.com/cs/ww/en/view/109311724)
• SIMATIC HMI Comfort Panels: Update to WinCC (TIA Portal) V12 SP1 Upd5: (https://support.industry.siemens.com/cs/ww/en/view/78683919)
• Update to WinCC (TIA Portal) V13 SP1 Upd2: (https://support.industry.siemens.com/cs/ww/en/view/109311724)
• SIMATIC WinCC Runtime Advanced: Update to V12 SP1 Upd5: (https://support.industry.siemens.com/cs/ww/en/view/79684570)
• Update to V13 SP1 Upd2: (https://support.industry.siemens.com/cs/ww/en/view/109311423)
• SIMATIC WinCC Runtime Professional: Update to V13 SP1 Upd2: (https://support.industry.siemens.com/cs/ww/en/view/109439573)
• SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal): Update to WinCC (TIA Portal) V12 SP1 Upd5: (https://support.industry.siemens.com/cs/ww/en/view/78683919)
• Update to WinCC (TIA Portal) V13 SP1 Upd4: (https://support.industry.siemens.com/cs/ww/en/view/109311724)
• SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal): Update to WinCC (TIA Portal) V12 SP1 Upd5: (https://support.industry.siemens.com/cs/ww/en/view/78683919)
• SIMATIC HMI Multi Panels (WinCC TIA Portal): Update to WinCC (TIA Portal) V12 SP1 Upd5: (https://support.industry.siemens.com/cs/ww/en/view/78683919)
• SIMATIC NET PC-Software V12: Update to V12 SP2 HF3: (https://support.industry.siemens.com/cs/ww/en/view/109475388)
• SIMATIC NET PC-Software V13: Update to V13 HF1: (https://support.industry.siemens.com/cs/ww/en/view/109475388)
• SIMATIC WinCC V7.X: Update to V7.2 Upd11: (https://support.industry.siemens.com/cs/de/en/view/109478834)
• Update to V7.3 Upd4: (https://support.industry.siemens.com/cs/de/en/view/109475497)
• SIMATIC Automation Tool: Update to V1.0.2: (https://support.industry.siemens.com/cs/ww/en/view/98161300)
• SIMATIC PCS 7 V8.1: Update to SP1: (https://support.industry.siemens.com/cs/ww/en/view/108463041)
• SIMATIC PCS 7 V8.0: Update to SP2: (https://support.industry.siemens.com/cs/de/en/view/109478834)
• For WinCC (TIA Portal) V12 or V13 devices, Siemens recommends updating the configuration to WinCC (TIA Portal) V13 SP1 and also updating the device version of the HMI to its latest version (provided with WinCC (TIA Portal) V13 SP1 Upd4). Until patches can be applied, Siemens recommends customers to mitigate the risk of their products by implementing the following steps: Apply cell protection concept, discussed at: (https://www.siemens.com/cert/operational-guidelines-industrial-security)
• Use VPN for protecting network communication between cells
• Apply defense-in-depth strategies, which are discussed at: (http://www.industry.siemens.com/topics/global/en/industrial-security/concept/Pages/defense-in-depth.aspx).

Affected Vendors

Affected Products (17)