ICSA-20-252-02
·
Published 2020-12-08
Siemens SIMATIC S7-300 and S7-400 CPUs (Update C)
CVSS 5.9
MEDIUM
Risk Summary
Successful exploitation of this vulnerability could result in credential disclosure.
CVEs (1)
Remediations
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security, and following the recommendations in the product manuals.
- Follow this link for additional information on Industrial Security by Siemens.
- For more information on this vulnerability and the associated mitigations, please see Siemens security advisory SSA-381684.
Affected Vendors
Siemens
Affected Products (4)
- Siemens · SINUMERIK 840D sl · vers:all/*
- Siemens · SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) · vers:all/*
- Siemens · SIMATIC S7-400 CPU family (incl. SIPLUS variants) · vers:all/*
- Siemens · SIMATIC WinAC RTX (F) 2010 · vers:all/*
Affected Sectors
Critical Manufacturing