ICSA-18-067-01
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D)
CVSS 7.5
HIGH
CVEs (2)
Remediations
- Update to V4.92
- Update to V1.05.00 and configure DIGSI 4 connection password
- Currently no remediation is available
- Update to V4.30 and configure DIGSI 4 connection password
- Update to V4.70
- Update to V4.96
- Update to V4.30
- Update to V4.77
- Apply secure substation concept and Defense-in-Depth (see https://www.siemens.com/gridsecurity) or contact customer care to find specific solutions.
Affected Vendors
Siemens
Affected Products (15)
Siemens
·
DIGSI 4
<V4.92
Siemens
·
EN100 Ethernet module DNP3 variant
<V1.05.00
Siemens
·
EN100 Ethernet module IEC 104 variant
vers:all/*
Siemens
·
EN100 Ethernet module IEC 61850 variant
<V4.30
Siemens
·
EN100 Ethernet module Modbus TCP variant
vers:all/*
Siemens
·
EN100 Ethernet module PROFINET IO variant
vers:all/*
Siemens
·
Other SIPROTEC 4 relays
vers:all/*
Siemens
·
Other SIPROTEC Compact relays
vers:all/*
Siemens
·
SIPROTEC 4 7SD80
<V4.70
Siemens
·
SIPROTEC 4 7SJ61
<V4.96
Siemens
·
SIPROTEC 4 7SJ62
<V4.96
Siemens
·
SIPROTEC 4 7SJ64
<V4.96
Siemens
·
SIPROTEC 4 7SJ66
<V4.30
Siemens
·
SIPROTEC Compact 7SJ80
<V4.77
Siemens
·
SIPROTEC Compact 7SK80
<V4.77
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more