ICSA-20-343-05
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Siemens Embedded TCP/IP Stack Vulnerabilities-AMNESIA:33 (Update C)
CVSS 6.5
MEDIUM
CVEs (1)
Remediations
- Update to V4.2 or later version
- Update to V2.0 or later version
- Update to V3.0.5 or later version
- Update to V2.4.5 or later version
- Update to V2.0.1 or later version
- Update to V1.1.1 or later version
- For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.
Affected Vendors
Siemens
Affected Products (7)
Siemens
·
SENTRON 3VA COM100/800
<V4.2
Siemens
·
SENTRON 3VA DSP800
<V2.0
Siemens
·
SENTRON PAC2200 (without MID Approval)
<V3.0.5
Siemens
·
SENTRON PAC3200
<V2.4.5
Siemens
·
SENTRON PAC3200T
<V3.0.5
Siemens
·
SENTRON PAC4200
<V2.0.1
Siemens
·
SIRIUS 3RW5 communication module Modbus TCP
<V1.1.1
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more