ICSA-17-192-01  ·  Published 2017-07-11

Siemens SIMATIC Logon

CVSS 5.3 MEDIUM

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVEs (1)

Remediations

  • Siemens created software upgrade V1.6 for SIMATIC Logon, which fixes the vulnerability, and recommends that users upgrade to the newest version. Please contact the local Siemens representative or customer support at the following location: https://www.siemens.de/automation/partner
  • Siemens strongly recommends that users protect network access to Port 16389/TCP of the SIMATIC Logon Remote Access service with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens' Operational Guidelines for Industrial Security: https://www.siemens.com/cert/operational-guidelines-industrial-security
  • For a more specific list of affected products and more detailed mitigation instructions, please see Siemens Security Advisory SSA-804859 at the following location: http://www.siemens.com/cert/advisories

Affected Vendors

Siemens

Affected Products (1)

Siemens · SIMATIC Logon < 1.6

Affected Sectors

Chemical, Energy, Food and Agriculture, Water and Wastewater Systems
