ICSA-21-257-18
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Siemens Siveillance OIS
CVSS 10.0
CRITICAL
CVEs (1)
Remediations
- Update the OIS to V2.5.3 or apply the patch
- Update the OIS to V2.5.3 or V2.6.1, or apply the patch
- Update the OIS to V2.5.3 or V2.6.0, or apply the patch
- Ensure that the systems where Siveillance OIS is installed are only accessible by trusted personnel
- Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only
Affected Vendors
Siemens
Affected Products (5)
Siemens
·
Desigo CC
All_versions_with_OIS_Extension_Module
Siemens
·
GMA-Manager
<=with_OIS_running_on_Debian_9
Siemens
·
Operation Scheduler
<=with_OIS_running_on_Debian_9
Siemens
·
Siveillance Control
<=with_OIS_running_on_Debian_9
Siemens
·
Siveillance Control Pro
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more