ICSA-19-318-02  ·  Published 2020-07-14

Siemens S7-1200 and S7-200 SMART CPUs (Update B)

CVSS 6.8 MEDIUM

CVEs (1)

Remediations

  • Ensure physical access protection
  • Apply Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
  • Update to version >= V4.4.1 and Function State (FS) >= 11
  • Firmware versions less than V4.x cannot be updated.
  • Update to version >= V2.5.1 and the latest boot loader version
  • Update to version >= V2.2.3 and the latest boot loader version
  • Update to version >= V2.3.0 and the latest boot loader version

Affected Vendors

Siemens

Affected Products (16)

Siemens · SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) <_with_Function_State_FS_11
Siemens · SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) vers:all/*
Siemens · SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) <=V2.5.0_and_Function_State_FS_9
Siemens · SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) <=V2.5.0_and_Function_State_FS_9
Siemens · SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) <=V2.5.0_and_Function_State_FS_8
Siemens · SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) <=V2.5.0_and_Function_State_FS_8
Siemens · SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) <=V2.5.0_and_Function_State_FS_11
Siemens · SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) <=V2.5.0_and_Function_State_FS_10
Siemens · SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) <=V2.5.0_and_Function_State_FS_10
Siemens · SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) <=V2.5.0_and_Function_State_FS_12
Siemens · SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) <=V2.2.2_and_Function_State_FS_8
Siemens · SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) <=V2.2.2_and_Function_State_FS_10
Siemens · SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) <=V2.3.0_and_Function_State_FS
Siemens · SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) <=V2.3.0_and_Function_State_FS
Siemens · SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) <=V2.3.0_and_Function_State_FS
Siemens · SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) <=V2.3.0_and_Function_State_FS

Affected Sectors

Multiple
