ICSA-18-254-04  ·  Published 2018-09-11

ICSA-18-254-04 Siemens SIMATIC WinCC OA

CVSS 9.1 CRITICAL

CVEs (1)

Remediations

  • Update to V3.14-P021 and follow the steps at https://portal.etm.at/patchdownload.php?fp=version_3.14/win64vc12/ReadmeP021.txt for adding or modifying WinCC OA users in AD environments. Download: https://portal.etm.at/index.php?option=com_content&view=category&id=67&layout=blog&Itemid=80
  • Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
      • The steps described at https://portal.etm.at/patchdownload.php?fp=version_3.14/win64vc12/ReadmeP021.txt allow manual remediation of the vulnerability fixed by WinCC OA V3.14-P021.
      • Follow the SIMATIC WinCC OA Security Guideline (available at https://portal.etm.at/index.php?option=com_phocadownload&view=category&id=52:security&Itemid=81) for maintaining a secured SIMATIC WinCC OA environment.
      • Apply Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security

Affected Vendors

Siemens

Affected Products (1)

Siemens · SIMATIC WinCC OA V3.14 and prior <V3.14-P021

Affected Sectors

Multiple
