ICSA-19-351-02 · Published 2025-05-06
Siemens SPPA-T3000 (Update A)
CVSS 9.8 (CRITICAL)
CVEs (54)
CVE-2018-4832
CVE-2019-18283
CVE-2019-18284
CVE-2019-18285
CVE-2019-18286
CVE-2019-18287
CVE-2019-18288
CVE-2019-18289
CVE-2019-18290
CVE-2019-18291
CVE-2019-18292
CVE-2019-18293
CVE-2019-18294
CVE-2019-18295
CVE-2019-18296
CVE-2019-18297
CVE-2019-18298
CVE-2019-18299
CVE-2019-18300
CVE-2019-18301
CVE-2019-18302
CVE-2019-18303
CVE-2019-18304
CVE-2019-18305
CVE-2019-18306
CVE-2019-18307
CVE-2019-18308
CVE-2019-18309
CVE-2019-18310
CVE-2019-18311
CVE-2019-18312
CVE-2019-18313
CVE-2019-18314
CVE-2019-18315
CVE-2019-18316
CVE-2019-18317
CVE-2019-18318
CVE-2019-18319
CVE-2019-18320
CVE-2019-18321
CVE-2019-18322
CVE-2019-18323
CVE-2019-18324
CVE-2019-18325
CVE-2019-18326
CVE-2019-18327
CVE-2019-18328
CVE-2019-18329
CVE-2019-18330
CVE-2019-18331
CVE-2019-18332
CVE-2019-18333
CVE-2019-18334
CVE-2019-18335
Remediations
- Please contact your Siemens Energy service management organization to obtain the update to Service Pack R8.2 SP2.
- Implement the mitigations described in the SPPA-T3000 security manual.
- Restrict access to the Application Highway using the SPPA-T3000 Firewall.
- External components should be connected only to the SPPA-T3000 DMZ; bridging an external network to either the Application Highway or the Automation Highway is not allowed.
- Perform regular updates of the SPPA-T3000 (e.g. by using the Security Server, if available).
- Implement the mitigations provided in the customer information letter distributed via the customer service portal.
- Please contact your local Siemens Energy representative if you need help securing your SPPA-T3000 installation.
- Apply the released configuration specifications for SPPA-T3000 MS3000 available with Service Pack R8.2 SP2 to mitigate these vulnerabilities.
Affected Vendors
Siemens
Affected Products (2)
- Siemens · SPPA-T3000 Application Server: <Service_Pack_R8.2_SP2
- Siemens · SPPA-T3000 MS3000 Migration Server: vers:all/*
Affected Sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities