ICSA-19-043-06  ·  Published 2019-07-09

ICSA-19-043-06 Siemens CP1604 and CP1616 (Update A)

CVSS 9.1 CRITICAL

Remediations

  • Update to V2.8 and follow recommendations from Section Workarounds and Mitigations. - Download: https://support.industry.siemens.com/cs/ww/en/view/109762689
  • Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
      • Disable the integrated web server. The web server is disabled in the default settings and its use is optional. Use in a productive environment is discouraged.
      • Restrict access to the device to the internal or VPN network. Further restrict access to the web interface (80/tcp) and to the telnet port (23/tcp) to trusted IP addresses if possible.
      • Do not click on links from unknown sources.
  • Fixes for CVE-2018-13808 have also been released in versions V2.5.2.7, V2.6.2.2, V2.7.2.1 and V2.8 of CP 1616 and CP 1604: https://support.industry.siemens.com/cs/ww/en/view/109768664

Affected Vendors

Siemens

Affected Products (2)

Siemens · CP 1604 vers:all/*
Siemens · CP 1616 vers:all/*

Affected Sectors

Multiple
