ICSA-18-317-07 Siemens SIMATIC IT Production Suite

CVSS 7.7 HIGH

CVEs (1)

CVE-2018-13804

See recommendations from section Workaround and Mitigations
Update to V7.1 Upd3. Contact Product Support to obtain the update. - Download: https://www.plm.automation.siemens.com/global/en/support/
Versions V1.2 Update the contained components SIMATIC IT Administrative Tools, SIMATIC IT Basic Service, and SIMATIC IT Full Services to V7.1 Upd3 (or later). Contact Product Support to obtain the update. - Download: https://www.plm.automation.siemens.com/global/en/support/
Versions V1.3 Update the contained components SIMATIC IT Administrative Tools, SIMATIC IT Basic Service, and SIMATIC IT Full Services to V7.1 Upd3 (or later). Contact Product Support to obtain the update. - Download: https://www.plm.automation.siemens.com/global/en/support/
Versions V2.3 Update the contained components SIMATIC IT Administrative Tools, SIMATIC IT Basic Service, and SIMATIC IT Full Services to V7.1 Upd3 (or later). Contact Product Support to obtain the update. - Download: https://www.plm.automation.siemens.com/global/en/support/
Versions V2.4 The latest V2.4 release containing SIMATIC IT Administrative Tools, SIMATIC IT Basic Service, and SIMATIC IT Full Services V7.1 Upd3 is available from GTAC Download. - Download: https://download.industrysoftware.automation.siemens.com/
Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to affected installations.

Siemens

Siemens · SIMATIC IT LMS vers:all/*

Siemens · SIMATIC IT Production Suite <V7.1_V7.1_Upd3

Siemens · SIMATIC IT UA Discrete Manufacturing <V1.2

Siemens · SIMATIC IT UA Discrete Manufacturing V1.2

Siemens · SIMATIC IT UA Discrete Manufacturing V1.3

Siemens · SIMATIC IT UA Discrete Manufacturing V2.3

Siemens · SIMATIC IT UA Discrete Manufacturing V2.4

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.