ICSA-20-343-09  ·  Published 2020-12-08

Siemens SIMATIC Controller Web Servers

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

CVEs (1)

Remediations

  • If the PC Station web server does not restart automatically, a Windows reboot is required. This can be done while the control system is running, as the PLC control functionality is not affected.
  • Update to V21.8 - Download: https://support.industry.siemens.com/cs/us/en/view/109759122
  • Update to V21.8 - Download: https://support.industry.siemens.com/cs/us/en/view/109478528
  • As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Affected Vendors

Siemens

Affected Products (2)

Siemens · SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) V20.8
Siemens · SIMATIC S7-1500 Software Controller V20.8

Affected Sectors

Critical Manufacturing
