ICSA-19-134-09  ·  Published 2022-08-09

Siemens SIMATIC Panels and WinCC (TIA Portal)

CVSS 7.5 HIGH

CVEs (1)

Remediations

  • Deactivate the OPC UA Service if supported by the product
  • Use VPN for protecting network communication between cells
  • Currently no fix is planned
  • Update to V3.15 P018 or later version
  • Update to V14 SP2 or later version
  • Update to V1.0 SP1 or later version
  • Update to V2.7 or later version
  • Update to V2.1 or later version
  • Update to V3.1.1 or later version
  • Update to V15.1 Upd 4 or later version
  • Update to V5.1.3 or later version
  • Update to V1.1.0 or later version
  • Update to V3.2.1 or later version
  • Update to V2.6.1 or later version
  • Update to V15.1 Upd4 or later version
  • Update to V14 SP1 Update 14 or later version

Affected Vendors

Siemens

Affected Products (19)

Siemens · SIMATIC CP 443-1 OPC UA vers:all/*
Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) <V2.7
Siemens · SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) <V15.1_Upd_4
Siemens · SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) <V15.1_Upd_4
Siemens · SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F <V15.1_Upd_4
Siemens · SIMATIC IPC DiagMonitor <V5.1.3
Siemens · SIMATIC NET PC Software V13 vers:all/*
Siemens · SIMATIC NET PC Software V14 <V14_SP1_Update_14
Siemens · SIMATIC NET PC Software V15 vers:all/*
Siemens · SIMATIC RF188C <V1.1.0
Siemens · SIMATIC RF600R family <V3.2.1
Siemens · SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) >=V2.5_<V2.6.1
Siemens · SIMATIC S7-1500 Software Controller All versions between V2.5 (including) and V2.7 (excluding)
Siemens · SIMATIC WinCC OA <V3.15_P018
Siemens · SIMATIC WinCC Runtime Advanced <V15.1_Upd_4
Siemens · SINEC NMS <V1.0_SP1
Siemens · SINEMA Server <V14_SP2
Siemens · SINUMERIK OPC UA Server <V2.1
Siemens · TeleControl Server Basic <V3.1.1

Affected Sectors

Multiple
