← Back to home
ICSA-18-128-01  ·  Published 2020-02-10  ·  View on CISA ICS-CERT ↗

Siemens Medium Voltage SINAMICS Products (Update A)

CVSS 7.5 HIGH

CVEs (2)

Remediations

  • Apply cell protection concept and implement Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security.
  • Protect network access to port 161/udp of affected devices.
  • Use VPN for protecting network communication between cells.
  • Update to V4.4 HF26. The update can be obtained from your Siemens representative or via Siemens customer service.
  • Update to V4.7 SP5 HF7 or upgrade to V4.8 SP2. The update can be obtained from your Siemens representative or via Siemens customer service.
  • Update to V4.7 HF31 or update to V4.8 SP2. The update can be obtained from your Siemens representative or via Siemens customer service.
  • Update to V4.7 HF30 or upgrade to V4.8 SP2. The update can be obtained from your Siemens representative or via Siemens customer service.
  • Upgrade to V4.8 SP2. The update can be obtained from your Siemens representative or via Siemens customer service.
  • Update to V4.4 HF26 The update can be obtained from your Siemens representative or via Siemens customer service.

Affected Vendors

Siemens

Affected Products (8)

Siemens · SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants) <V4.4_HF26
Siemens · SINAMICS GH150 V4.7 w. PROFINET <V4.7_SP5_HF7
Siemens · SINAMICS GL150 V4.7 w. PROFINET <V4.8_SP2
Siemens · SINAMICS GM150 V4.7 w. PROFINET <V4.7_HF31
Siemens · SINAMICS SL150 V4.7.0 w. PROFINET <V4.7_HF30
Siemens · SINAMICS SL150 V4.7.4 w. PROFINET <V4.8_SP2
Siemens · SINAMICS SL150 V4.7.5 w. PROFINET <V4.8_SP2
Siemens · SINAMICS SM120 V4.7 w. PROFINET <V4.8_SP2

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more