ICSA-19-099-03  ·  Published 2022-04-14

Siemens Industrial Products with OPC UA (Update H)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could cause a denial-of-service condition on the affected service or device.

CVEs (1)

Remediations

  • Deactivate the OPC UA Service if supported by the product
  • Use VPN for protecting network communication between cells
  • Currently no fix is planned
  • Update to V3.15 P018 or later version
  • Update to V14 SP2 or later version
  • Update to V1.0 SP1 or later version
  • Update to V2.7 or later version
  • Update to V2.1 or later version
  • Update to V3.1.1 or later version
  • Update to V15.1 Upd 4 or later version
  • Update to V5.1.3 or later version
  • Update to V1.1.0 or later version
  • Update to V3.2.1 or later version
  • Update to V2.6.1 or later version
  • Update to V15.1 Upd4 or later version
  • Update to V14 SP1 Update 14 or later version
  • As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Affected Vendors

Siemens

Affected Products (19)

Siemens · SIMATIC CP 443-1 OPC UA vers:all/*
Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) < V2.7
Siemens · SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) < V15.1 Upd 4
Siemens · SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) < V15.1 Upd 4
Siemens · SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F < V15.1 Upd 4
Siemens · SIMATIC IPC DiagMonitor < V5.1.3
Siemens · SIMATIC NET PC Software V13 vers:all/*
Siemens · SIMATIC NET PC Software V14 < V14 SP1 Update 14
Siemens · SIMATIC NET PC Software V15 vers:all/*
Siemens · SIMATIC RF188C < V1.1.0
Siemens · SIMATIC RF600R family < V3.2.1
Siemens · SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) >= V2.5 < V2.6.1
Siemens · SIMATIC S7-1500 Software Controller All versions between V2.5 (including) and V2.7 (excluding)
Siemens · SIMATIC WinCC OA < V3.15 P018
Siemens · SIMATIC WinCC Runtime Advanced < V15.1 Upd 4
Siemens · SINEC NMS < V1.0 SP1
Siemens · SINEMA Server < V14 SP2
Siemens · SINUMERIK OPC UA Server < V2.1
Siemens · TeleControl Server Basic < V3.1.1

Affected Sectors

Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
