ICSA-18-030-02  ·  Published 2018-01-30

Siemens TeleControl Server Basic

CVSS 8.8 HIGH

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

Remediations

  • Siemens recommends that users install the latest version of TeleControl Server Basic.
  • If TeleControl Server Basic is operated in standalone mode, then users can close Port 8000/TCP on the Windows firewall to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
  • If TeleControl Server Basic is operated in redundancy mode, then users can use the Windows firewall to restrict access to Port 8000/TCP to the second TeleControl Server Basic's IP address to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
  • Users can use the Windows firewall to close Ports 80/TCP and 443/TCP to mitigate vulnerability CVE-2018-4837.
  • For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-65145.
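
The firewall mitigations above can be applied with the built-in NetSecurity cmdlets. The script below is an added example, not taken from the Siemens or ICS-CERT advisory; its parameter names, rule display names and the peer address 192.0.2.10 are assumptions to be replaced with site values. It assumes the profile's default inbound action is Block, which is the Windows default.

```powershell
#Requires -RunAsAdministrator
# Added example: parameter names, rule names and the peer address are assumptions.
param(
    [ValidateSet('Standalone', 'Redundancy')]
    [string]$Mode = 'Standalone',
    [string]$PeerAddress = '192.0.2.10',  # placeholder: second server's IP
    [switch]$BlockWeb                     # also close 80/TCP and 443/TCP
)

# Enabled inbound allow rules that name the port explicitly. Rules scoped
# to "Any" port or to a port range are not matched; review those by hand.
function Get-InboundAllowRule([string]$Port) {
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $Port } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                       $_.Enabled -eq 'True' }
}

if ($Mode -eq 'Standalone') {
    # A block rule takes precedence over any allow rule for the same traffic.
    New-NetFirewallRule -DisplayName 'TCSB block 8000/TCP' -Direction Inbound `
        -Protocol TCP -LocalPort 8000 -Action Block | Out-Null
} else {
    # A blanket block rule would also cut off the peer, so narrow the
    # existing allow rules to the peer instead of blocking.
    $rules = @(Get-InboundAllowRule '8000')
    if ($rules.Count -gt 0) {
        $rules | Set-NetFirewallRule -RemoteAddress $PeerAddress
    } else {
        New-NetFirewallRule -DisplayName 'TCSB allow 8000/TCP from peer' `
            -Direction Inbound -Protocol TCP -LocalPort 8000 `
            -RemoteAddress $PeerAddress -Action Allow | Out-Null
    }
}

if ($BlockWeb) {
    New-NetFirewallRule -DisplayName 'TCSB block 80,443/TCP' -Direction Inbound `
        -Protocol TCP -LocalPort 80, 443 -Action Block | Out-Null
}

# Report which remote addresses may still reach 8000/TCP.
Get-InboundAllowRule '8000' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

In redundancy mode the final report should list only the peer address; any rule still showing `Any` was not matched by the explicit-port filter and needs manual scoping.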

Affected Vendors

Siemens

Affected Products (1)

Siemens · TeleControl Server Basic < 3.1
