← Back to home
ICSA-19-134-02  ·  Published 2019-05-14  ·  View on CISA ICS-CERT ↗

ICSA-19-134-02 Siemens SIMATIC WinCC and SIMATIC PCS 7

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • Apply recommendations from Section Workarounds and Mitigations, or upgrade to a newer version and enable "Encrypted Communication"
  • Enable "Encrypted Communication"
  • Enable "Encrypted Communication". Starting with WinCC V7.5 "Encrypted Communication" is enabled by default
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Apply Defense-in-Depth concept

Affected Vendors

Siemens

Affected Products (4)

Siemens · SIMATIC PCS 7 V8.0 and earlier vers:all/*
Siemens · SIMATIC PCS 7 V8.1 and newer vers:all/*
Siemens · SIMATIC WinCC V7.2 and earlier vers:all/*
Siemens · SIMATIC WinCC V7.3 and newer vers:all/*

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more