← Back to home
ICSA-17-187-03F  ·  Published 2018-06-12  ·  View on CISA ICS-CERT ↗

ICSA-17-187-03F Siemens SIPROTEC 4 and SIPROTEC Compact (Update F)

CVSS 8.6 HIGH

CVEs (6)

Remediations

  • Install V1.04.01 - Download: https://support.industry.siemens.com/cs/us/en/view/109745821
  • Install V1.11.00 - Download: https://support.industry.siemens.com/cs/us/en/view/109745821
  • Install V1.03 - Download: https://support.industry.siemens.com/cs/us/en/view/109745821
  • Install V1.21 - Download: https://support.industry.siemens.com/cs/us/en/view/109745821
  • Install V1.02.02 - Download: Please contact the Siemens hotline at [email protected]
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Apply secure substation concept and Defense-in-Depth (see https://www.siemens.com/gridsecurity)
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to port 80/TCP and port 50000/UDP
  • Install V 4.83 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=51
  • Install V 4.01 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=68
  • Install V 4.03 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=64
  • Install V 4.20 - Download: https://support.industry.siemens.com/cs/gb/en/view/109743555
  • Install V 4.87 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=51
  • Install V4.02 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=68
  • Install V4.05 - Download: http://www.siemensenergysector.com/ProductRelatedDown.aspx?ProductId=64
  • Install V 4.30 - Download: https://support.industry.siemens.com/cs/us/en/view/109743555

Affected Vendors

Siemens

Affected Products (13)

Siemens · Firmware variant PROFINET IO for EN100 Ethernet module <V1.04.01
Siemens · Firmware variant Modbus TCP for EN100 Ethernet module <V1.11.00
Siemens · Firmware variant DNP3 TCP for EN100 Ethernet module <V1.03
Siemens · Firmware variant IEC 104 for EN100 Ethernet module <V1.21
Siemens · EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 <1.02.02
Siemens · SIPROTEC 7SJ686 <V_4.83
Siemens · SIPROTEC 7SJ686 <V_4.87
Siemens · SIPROTEC 7UT686 <V_4.01
Siemens · SIPROTEC 7UT686 <V_4.02
Siemens · SIPROTEC 7SD686 <V_4.03
Siemens · SIPROTEC 7SD686 <V_4.05
Siemens · SIPROTEC 7SJ66 <V_4.20
Siemens · SIPROTEC 7SJ66 <V_4.30

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more