ICSA-18-317-03
·
Published 2020-02-10
·
View on CISA ICS-CERT ↗
Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)
CVSS 4.3
MEDIUM
CVEs (1)
Remediations
- Restrict network access to the integrated web server.
- Deactivate the web server if not required. The web server is disabled by default.
- Update SIMATIC WinCC (TIA Portal) to V15 Update 4 or newer, and then update panel to V15 Update 4 or newer. https://support.industry.siemens.com/cs/ww/en/view/109755826
- Update to V15 Update 4 or newer https://support.industry.siemens.com/cs/ww/en/view/109755826
Affected Vendors
Siemens
Affected Products (7)
Siemens
·
SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)
<V14
Siemens
·
SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)
<V14
Siemens
·
SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F
<V14
Siemens
·
SIMATIC WinCC Runtime Advanced
<V14
Siemens
·
SIMATIC WinCC Runtime Professional
<V14
Siemens
·
SIMATIC WinCC (TIA Portal)
<V14
Siemens
·
SIMATIC HMI Classic Devices - TP/MP/OP/MP Mobile Panel (incl. SIPLUS variants)
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more