ICSA-21-103-11 · Published 2025-06-10 · View on CISA ICS-CERT ↗

Siemens TIM 4R-IE Devices

CVSS 9.8 CRITICAL

CVEs (14)

CVE-2015-5219 CVE-2015-7705 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7977 CVE-2015-7979 CVE-2015-8138 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-4953 CVE-2016-4954

Remediations

Currently no fix is planned
Deactivate NTP-based time syncronization of the device, if enabled. The feature is disabled by default.
Configure an additional firewall to prevent communication to the port udp/123 of an affected device.

Affected Vendors

Siemens

Affected Products (4)

Siemens · SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0) vers:all/*

Siemens · SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0) vers:all/*

Siemens · TIM 4R-IE (6NH7800-4BA00) vers:all/*

Siemens · TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0) vers:all/*

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more