← Back to home
ICSA-19-190-05  ·  Published 2020-05-12  ·  View on CISA ICS-CERT ↗

Siemens SIPROTEC 5 and DIGSI 5 (Update C)

CVSS 7.5 HIGH

CVEs (2)

Remediations

  • Update to V7.90 or later version. Search for "SIPROTEC 5 - DIGSI Device Drivers" on the Siemens Industry Online Support site. The latest firmware version for the communication modules can also be found on each device specific download page. Applying the update causes the device / module to go through a single restart cycle. https://support.industry.siemens.com/cs/ww/en/
  • Update to V8.01 or later version. Search for "SIPROTEC 5 - DIGSI Device Drivers" on the Siemens Industry Online Support site. Applying the update causes the device / module to go through a single restart cycle. https://support.industry.siemens.com/cs/ww/en/
  • Update to V7.90 or later version and activate the client authorization feature https://support.industry.siemens.com/cs/us/en/view/109767686
  • Block access to port 443/TCP e.g. with an external firewall.
  • Activate role based access control (RBAC) in the device (supported in SIPROTEC 5 firmware versions V7.80 and higher)
  • Activate the DIGSI 5 connection password in the device (supported in all SIPROTEC 5 firmware versions)
  • Update to V7.90 or later version. Search for "SIPROTEC 5 - DIGSI Device Drivers" on the Siemens Industry Online Support site. The latest firmware version for the communication modules can also be found on each device specific download page. Applying the update causes the device / module to go through a single restart cycle.
  • Update to V8.01 or later version. Search for "SIPROTEC 5 - DIGSI Device Drivers" on the Siemens Industry Online Support site. Applying the update causes the device / module to go through a single restart cycle.
  • Update to V7.90 or later version and activate the client authorization feature
  • Update to V7.59 or later version. Search for "SIPROTEC 5 - DIGSI Device Drivers" on the Siemens Industry Online Support site. The latest firmware version for the communication modules can also be found on each device specific download page. Applying the update causes the device / module to go through a single restart cycle. https://support.industry.siemens.com/cs/ww/en/

Affected Vendors

Siemens

Affected Products (6)

Siemens · SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules <V7.90
Siemens · SIPROTEC 5 device types 7SS85 and 7KE85 <V8.01
Siemens · All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules vers:all/*
Siemens · SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules <V7.59
Siemens · SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules vers:all/*
Siemens · DIGSI 5 engineering software <V7.90

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more