ICSA-21-152-01 · Published 2025-05-06
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)
CVSS 8.1 HIGH
CVEs (1)
Remediations
- Update to V2.9.2 or later version
- Update to V21.9 or later version
- Currently no remediation is available
- Update to V4.5.0 or later version
- Update to V4.0 or later version
- Apply password protection for S7 communication
- Disallow client connections via the ENDIS_PW instruction of the S7-1200 or S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)
- Use the display to configure additional access protection of the S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)
- Apply "defense in depth" as outlined on pages 12ff of the operational guidelines for Industrial Security, especially:
  - Plant security: Physical prevention of access to critical components
  - Network security: Ensure that PLC systems are not connected to untrusted networks
  - System integrity: Configure, maintain and protect your device by applying applicable compensating controls and using built-in security capabilities
- Update your entire solution to TIA Portal V17 and use TLS communication using individual certificates between PLC, HMIs and PG/PC
Affected Vendors
Siemens
Affected Products (7)
- Siemens · SIMATIC Drive Controller family · <V2.9.2
- Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) · <V21.9
- Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) · vers:all/*
- Siemens · SIMATIC S7-1200 CPU family (incl. SIPLUS variants) · <V4.5.0
- Siemens · SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) · <V2.9.2
- Siemens · SIMATIC S7-1500 Software Controller · <V21.9
- Siemens · SIMATIC S7-PLCSIM Advanced · <V4.0
Affected Sectors
Multiple