Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit.
Remediations
- Siemens has released a new firmware version (V4.29.01) to address these vulnerabilities. It can be found at the SIPROTEC 4 downloads area at the following Siemens web site:
- http://www.siemens.com/downloads/siprotec-4
- Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPN. Siemens also advises that users configure the operational environment according to Siemens ' Operational Guidelines for Industrial Security. Please see the specific product manual for more information. Manuals can be obtained from the downloads menu at the following Siemens web site:
- http://www.siemens.com/gridsecurity
- For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-452237 at the following location:
- http://www.siemens.com/cert/advisories
- In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:
Affected Vendors
Siemens
Affected Products (1)
Siemens
·
EN100 Ethernet modules as optional for Reyrolle
< 4.29.01
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more