ICSA-21-068-06 · Published 2025-05-06
Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
CVSS 6.5 (MEDIUM)
CVEs (2)
Remediations
- Update to V4.4.1 or later version
- Update to V2.4.7 or later version
- Update to V2.3.0 or later version
- For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.
- Update to V4.0 or later version
- Currently no remediation is planned
- MID-certified devices do not support firmware updates; V3.2.2 is contained in devices that are labeled as "M22 MID"
- Update to V3.2.2 or later version
- Update to V3.2.0 or later version
Affected Vendors
Siemens
Affected Products (9)
- Siemens · SENTRON 3VA COM100/800 · <V4.4.1
- Siemens · SENTRON 3VA DSP800 · <V4.0
- Siemens · SENTRON PAC2200 (with CLP Approval) · vers:all/*
- Siemens · SENTRON PAC2200 (with MID Approval) · <V3.2.2
- Siemens · SENTRON PAC2200 (without MID Approval) · <V3.2.2
- Siemens · SENTRON PAC3200 · <V2.4.7
- Siemens · SENTRON PAC3200T · <V3.2.2
- Siemens · SENTRON PAC3220 · <V3.2.0
- Siemens · SENTRON PAC4200 · <V2.3.0
Affected Sectors
Multiple