Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.
CVEs (3)
Remediations
- As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.
- For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends upgrading to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:
  - http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx
- Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens' Operational Guidelines for Industrial Security:
  - https://www.siemens.com/cert/operational-guidelines-industrial-security
- For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:
  - http://www.siemens.com/cert/advisories
Affected Vendors
Siemens
Affected Products (1)
- Siemens: SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00 (vers:all/*)
Affected Sectors
Energy