ICSA-17-243-01
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Siemens OPC UA Protocol Stack Discovery Service (Update E)
CVSS 8.2
HIGH
CVEs (1)
Remediations
- Update to V7.1 or later version
- Update to V14 SP1 Update 14 or later version
- Currently no fix is planned
- Update to V14 SP1 or later version
- Turn off the Discovery Service after commissioning or block it on the local firewall: https://support.industry.siemens.com/cs/ww/en/view/109749461
- Use VPN for protecting network communication between cells
Affected Vendors
Siemens
Affected Products (6)
Siemens
·
SIMATIC IT Production Suite
>=V6.5_and_<V7.1
Siemens
·
SIMATIC NET PC Software V14
<V14_SP1_Update_14
Siemens
·
SIMATIC PCS 7
8.0|8.1
Siemens
·
SIMATIC WinCC
<V7.2
Siemens
·
SIMATIC WinCC Runtime Professional V13
vers:all/*
Siemens
·
SIMATIC WinCC Runtime Professional V14
<V14_SP1
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more