← Back to home
ICSA-19-134-08  ·  Published 2019-10-08  ·  View on CISA ICS-CERT ↗

ICSA-19-134-08 Siemens SIMATIC PCS7, WinCC, TIA Portal (Update D)

CVSS 9.1 CRITICAL

CVEs (3)

Remediations

  • See recommendations from section Workaround and Mitigations
  • Update WinCC to V7.3 Upd 19 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768972
  • Update WinCC to V7.4 SP1 Upd 11 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768093
  • Update to V14 SP1 Upd 9 - Download: https://support.industry.siemens.com/cs/ww/en/view/109747387
  • Update to V15.1 Upd 3 - Download: https://support.industry.siemens.com/cs/ww/en/view/109763890
  • Update to V14.1 Upd 8 - Download: https://support.industry.siemens.com/cs/ww/en/view/109747394
  • Update to V15.1 Upd 3 - Download: https://support.industry.siemens.com/cs/ww/en/view/109763892
  • Update to V7.3 Upd 19 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768972
  • Update to V7.4 SP1 Upd 11 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768093
  • Update to V7.5 Upd 3 - Download: https://support.industry.siemens.com/cs/ww/en/view/109767227
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Apply Defense-in-Depth
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Enable "Encrypted communication" in SIMATIC WinCC and SIMATIC PCS 7.
  • Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Only open project files from trusted locations.

Affected Vendors

Siemens

Affected Products (14)

Siemens · SIMATIC PCS 7 V8.0 and earlier vers:all/*
Siemens · SIMATIC PCS 7 V8.1 <V8.1_with_WinCC_V7.3_Upd_19
Siemens · SIMATIC PCS 7 V8.2 <V8.2_SP1_with_WinCC_V7.4_SP1_Upd11
Siemens · SIMATIC PCS 7 V9.0 <V9.0_SP2_with_WinCC_V7.4_SP1_Upd11
Siemens · SIMATIC WinCC (TIA Portal) V13 vers:all/*
Siemens · SIMATIC WinCC (TIA Portal) V14 <V14_SP1_Upd_9
Siemens · SIMATIC WinCC (TIA Portal) V15 <V15.1_Upd_3
Siemens · SIMATIC WinCC Runtime Professional V13 vers:all/*
Siemens · SIMATIC WinCC Runtime Professional V14 <V14.1_Upd_8
Siemens · SIMATIC WinCC Runtime Professional V15 <V15.1_Upd_3
Siemens · SIMATIC WinCC V7.2 and earlier vers:all/*
Siemens · SIMATIC WinCC V7.3 <V7.3_Upd_19
Siemens · SIMATIC WinCC V7.4 <V7.4_SP1_Upd_11
Siemens · SIMATIC WinCC V7.5 <V7.5_Upd_3

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more