ICSA-21-257-17  ·  Published 2025-05-06  ·  View on CISA ICS-CERT ↗

Siemens Desigo CC Family

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • Apply Patch 1520637
  • Apply Patch 1417968
  • Update to V4.2 QU1 and Apply Patch 1417967
  • Update to V5.0 QU1 or later version
  • If the user is running a software version equal to or older than V3.x, no patches will be released. Siemens recommends upgrading to V5.0 QU1 (or any newer version released in the future).
  • If a patch or Quality Update is not feasible, and the user can accept stopping use of the Windows App and IE XBAP Web Client, disable the Web Application and Web Client from SMC. As a result, the Windows App and IE XBAP Web Client will stop working and the vulnerability can no longer be exploited.
  • If none of the above can be applied, restrict Desigo CC to dedicated local networks, disabling Internet access by blocking the CCOM Port for inbound and outbound communication. This still allows use of the Windows App and IE XBAP Client within a defined network space such as the local network. This action requires approval from the user, as it does not remove the vulnerability but only reduces the exposure: the vulnerability can still be exploited if an attacker first gains access to the protected network.

Affected Vendors

Siemens

Affected Products (12)

Siemens · Cerberus DMS V4.0 vers:all/*
Siemens · Cerberus DMS V4.1 vers:all/*
Siemens · Cerberus DMS V4.2 vers:all/*
Siemens · Cerberus DMS V5.0 <V5.0_QU1
Siemens · Desigo CC Compact V4.0 vers:all/*
Siemens · Desigo CC Compact V4.1 vers:all/*
Siemens · Desigo CC Compact V4.2 vers:all/*
Siemens · Desigo CC Compact V5.0 <V5.0_QU1
Siemens · Desigo CC V4.0 vers:all/*
Siemens · Desigo CC V4.1 vers:all/*
Siemens · Desigo CC V4.2 vers:all/*
Siemens · Desigo CC V5.0 <V5.0_QU1

Affected Sectors

Multiple
