ICSA-19-043-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays

CVEs (1)

Remediations

• Update to V4.35 - Download: https://support.industry.siemens.com/cs/us/en/view/109745821. Applying the update causes the module to go through a single restart cycle.
• See recommendations from section Workaround and Mitigations
• Ethernet communication modules Update to firmware version V7.82 for the following device types: 6MD85, 6MD86, 7SS85, 7KE85, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, and 7UT87. - Download: https://support.industry.siemens.com/ Search for "SIPROTEC 5 - DIGSI Device Drivers V7.8x". The firmware version V7.82 for the communications modules can also be found on each device specific download page: See under "Additional DIGSI Device Driver - V7.8x", article "Protocols". Applying the update causes the module to go through a single restart cycle.
• communication modules Update to firmware version V7.58 for the following device types: 6MD85, 6MD86, 7SS85, 7KE85, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, and 7UT87. - Download: https://support.industry.siemens.com/ Search for "SIPROTEC 5 - DIGSI Device Drivers V7.58". The firmware version V7.58 for the communications modules can also be found on each device specific download page: See in the “Previous Versions” section, article “Protocols”. Applying the update causes the module to go through a single restart cycle.
• Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Block access to port 102/tcp e.g. with an external firewall.

Affected Vendors

Affected Products (7)

Affected Sectors

Multiple