ICSA-21-131-13  ·  Published 2021-08-10

Siemens SINAMICS Medium Voltage Products Telnet (Update A)

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to gain full remote access to the HMI.

CVEs (1)

Remediations

  • Only HMI image versions prior to v16 Update 3a are affected. Siemens recommends updating the following products to v16 Update 4 or later:
  • As only SIMATIC HMI image versions prior to v15 SP1 Update 6 are affected, update the HMI panel image included in your installation of the following products to v15 SP1 Update 6 or a later version.
  • Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
  • As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for industrial security, and follow the recommendations in the product manuals.
  • Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity
  • For additional information see Siemens Security Advisory SSA-752103
  • For more details regarding the telnet authentication vulnerability in SIMATIC HMI Comfort Panels, refer to Siemens Security Advisory SSA-520004

Affected Vendors

Siemens

Affected Products (8)

Siemens · SINAMICS GH150 vers:all/*
Siemens · SINAMICS SH150 vers:all/*
Siemens · SINAMICS GL150 (with option X30) vers:all/*
Siemens · SINAMICS SM150i vers:all/*
Siemens · SINAMICS SM150 vers:all/*
Siemens · SINAMICS GM150 (with option X30) vers:all/*
Siemens · SINAMICS SM120 vers:all/*
Siemens · SINAMICS SL150 vers:all/*

Affected Sectors

Chemical, Commercial Facilities, Critical Manufacturing, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems
