Siemens SiPass integrated

CVSS 9.8 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVE-2017-9939 CVE-2017-9940 CVE-2017-9941 CVE-2017-9942

Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version. The new version can be obtained from Siemens customer support or from authorized partners.
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-339433 at the following location:
http://www.siemens.com/cert/advisories
In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:

Siemens

Siemens · SiPass integrated < 2.70

Energy, Healthcare and Public Health, Transportation Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.