ICSA-21-131-11 · Published 2025-05-06 · View on CISA ICS-CERT ↗

Siemens SIMATIC UltraVNC HMI WinCC Products

CVSS 9.8 CRITICAL

CVEs (10)

CVE-2019-8259 CVE-2019-8260 CVE-2019-8261 CVE-2019-8262 CVE-2019-8263 CVE-2019-8264 CVE-2019-8265 CVE-2019-8275 CVE-2019-8277 CVE-2019-8280

Update SIMATIC WinCC (TIA Portal) to V16 Update 4 or later version, and then update panel to V16 Update 4 or later version
Update to V16 Update 4 or later version
Restrict access to port 5900/tcp to trusted IP addresses only

Siemens

Siemens · SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) <V16_Update_4

Siemens · SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) <V16_Update_4

Siemens · SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F <V16_Update_4

Siemens · SIMATIC WinCC Runtime Advanced <V16_Update_4

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.