← Back to home
ICSA-18-226-01  ·  Published 2018-10-09  ·  View on CISA ICS-CERT ↗

ICSA-18-226-01 Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)

CVSS 8.6 HIGH

CVEs (2)

Remediations

  • Upgrade to V13 SP2 Update 2 - Download: https://support.industry.siemens.com/cs/ww/en/view/109759753
  • Update to V13 SP2 Update 2 - Download: https://support.industry.siemens.com/cs/ww/en/view/109759753
  • Update to V14 SP1 Update 6 - Download: https://support.industry.siemens.com/cs/ww/en/view/109747387
  • Update to V15 Update 2 or newer - Download: https://support.industry.siemens.com/cs/ww/en/view/109755826
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk:trusted sources. Restrict operating system access to authorized personnel.
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk:trusted sources. Validate GSD files for legitimacy and process GSD files only from

Affected Vendors

Siemens

Affected Products (4)

Siemens · SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 vers:all/*
Siemens · SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 <V13_SP2_Update_2
Siemens · SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 <V14_SP1_Update_6
Siemens · SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 <V15_Update_2

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more