Siemens Industrial Products glibc Library Vulnerability (Update C)

CVEs (1)

Remediations

• Siemens provides updates for the following products and encourages customers to update their products:
• ROX II: Update to version 2.9.1, Submit a support request online (https://www.siemens.com/automation/support-request)
• Call a local hotline center: (https://w3.siemens.com/aspa_app/)
• APE (Linux): Follow update process provided in the corresponding application note: (http://support.automation.siemens.com/WW/view/en/109485761)
• Basic RT V13: Update to Version V13 SP 1 Update 9: (https://support.industry.siemens.com/cs/ww/en/view/109311724)
• SINEMA Remote Connect software update for Version 1.2 is available at the following link: (https://support.industry.siemens.com/cs/ww/en/view/109737963)
• SCALANCE M-800/S615: Update to V4.02: (https://support.industry.siemens.com/cs/ww/en/view/109740858)
• Siemens recommends applying the following mitigations until patches can be applied: Disable use of DNS on affected devices if possible. Use trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration. OR Limit size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages on network border.
• As a general security measure, Siemens strongly recommends to protect network access to nonperimeter devices with appropriate mechanisms. It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.
• For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-301706 at the following location: (http://www.siemens.com/cert/advisories)

Affected Vendors

Affected Products (5)