ICSA-20-252-06 · Published 2025-05-06
Siemens SIMATIC HMI Products (Update A)
CVSS 6.5 (MEDIUM)
CVEs (2)
Remediations
- Update to V16 Update 3
- Update to V16 Update 5
- Apply Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
- For Unified Comfort Panels using SmartClient: the password truncation (CVE-2020-15787) cannot be resolved because of RFC 6143, and the password remains limited to 8 characters. It is recommended to use complex passwords.
Affected Vendors
Siemens
Affected Products (4)
- Siemens · SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants): <V16
- Siemens · SIMATIC HMI Comfort Panels (incl. SIPLUS variants): <=V16
- Siemens · SIMATIC HMI Mobile Panels: <=V16
- Siemens · SIMATIC HMI Unified Comfort Panels: <=V16
Affected Sectors
Multiple