← Back to home
ICSA-17-061-03  ·  Published 2017-03-02  ·  View on CISA ICS-CERT ↗

Siemens SINUMERIK Integrate and SINUMERIK Operate

CVSS 7.4 HIGH

Risk Summary

ATTENTION: Remotely exploitable.

CVEs (1)

Remediations

  • Siemens provides the following updates for affected SINUMERIK Integrate and SINUMERIK Operate versions:
  • These updates can be obtained from a local Siemens service organization. If assistance is needed in identifying a local Siemens service organization, users may contact a local Siemens hotline at the following link:
  • https://w3.siemens.com/aspa_app/
  • As a general security measure Siemens strongly recommends users configure their environment according to Siemens operational guidelines found below:
  • https://www.industry.siemens.com/topics/global/en/industrial-security/Documents/operational_guidelines_industrial_security_en.pdf
  • For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-934525 at the following location:
  • http://www.siemens.com/cert/en/cert-security-advisories.htm

Affected Vendors

Siemens

Affected Products (5)

Siemens · SINUMERIK Integrate Operate Client 2.0.3.00.016 (including) and 2.0.6 (excluding)
Siemens · SINUMERIK Integrate Operate client 4.5 | SP6 (including) and V4.5 SP6 Hotfix 8 (excluding)
Siemens · SINUMERIK Integrate Operate client 4.7 | SP2 Hotfix 1 (including) and V4.7 SP4 (excluding)
Siemens · SINUMERIK Integrate Access MyMachine/Ethernet with AMM Service Engineer Client (ActiveX) vers:all/*
Siemens · SINUMERIK Integrate Operate Client 3.0.4.00.032 (including) and 3.0.6 (excluding)

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more