ICSA-18-137-03
·
Published 2020-02-10
·
View on CISA ICS-CERT ↗
Siemens SIMATIC S7-400 CPU (Update A)
CVSS 7.5
HIGH
CVEs (1)
Remediations
- Apply cell protection concept: https://www.siemens.com/cert/operational-guidelines-industrial-security.
- Use VPN for protecting network communication between cells.
- Apply Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security.
- Update to firmware version 5.2 or newer https://support.industry.siemens.com/cs/ww/en/view/109474827
- Upgrade to hardware version 5.0 or newer https://support.industry.siemens.com/cs/ww/en/view/109483507
- Upgrade to hardware version 6.0 or newer https://support.industry.siemens.com/cs/ww/en/view/109483507
Affected Vendors
Siemens
Affected Products (3)
Siemens
·
SIMATIC S7-400 CPU hardware version 4.0 and below (incl. SIPLUS variants)
vers:all/*
Siemens
·
SIMATIC S7-400 CPU hardware version 5.0 (incl. SIPLUS variants)
<firmware_V5.2
Siemens
·
SIMATIC S7-400 H CPU hardware version 4.5 and below (incl. SIPLUS variants)
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more