ICSA-19-227-04
·
Published 2020-05-12
·
View on CISA ICS-CERT ↗
Siemens SINAMICS (Update C)
CVSS 7.5
HIGH
CVEs (1)
Remediations
- Apply appropriate strategies for mitigation as described in the General Security Recommendation section.
- Restrict network access to the integrated webserver.
- Deactivate the webserver if not required, and if deactivation is supported by the product. For SINAMICS products: Deactivate webserver with parameter P8986 = 0.
- Upgrade to V4.8 SP2 HF9 or later version. The software can be obtained from your Siemens representative or via Siemens customer service.
- Update to V4.7 HF33 or upgrade to V5.2 SP2. The software can be obtained from your Siemens representative or via Siemens customer service.
- Upgrade to V5.2 SP2. The software can be obtained from your Siemens representative or via Siemens customer service
- Upgrade to V4.8 SP2 HF10 or later version. The software can be obtained from your Siemens representative or via Siemens customer service.
- Upgrade to V5.1 SP2 HF3 or later version. The software can be obtained from your Siemens representative or via Siemens customer service.
Affected Vendors
Siemens
Affected Products (11)
Siemens
·
SINAMICS GH150 V4.7 (Control Unit)
vers:all/*
Siemens
·
SINAMICS GH150 V4.8 (Control Unit)
<V4.8_SP2_HF9
Siemens
·
SINAMICS GL150 V4.7 (Control Unit)
vers:all/*
Siemens
·
SINAMICS GL150 V4.8 (Control Unit)
<V4.8_SP2_HF9
Siemens
·
SINAMICS GM150 V4.7 (Control Unit)
vers:all/*
Siemens
·
SINAMICS GM150 V4.8 (Control Unit)
<V4.8_SP2_HF9
Siemens
·
SINAMICS SL150 V4.7 (Control Unit)
<V4.7_HF33
Siemens
·
SINAMICS SL150 V4.8 (Control Unit)
vers:all/*
Siemens
·
SINAMICS SM120 V4.7 (Control Unit)
vers:all/*
Siemens
·
SINAMICS SM120 V4.8 (Control Unit)
<V4.8_SP2_HF10
Siemens
·
SINAMICS SM150 V4.8 (Control Unit)
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more