ICSA-21-257-20 · Published 2021-09-14
Siemens LOGO! CMR and SIMATIC RTU 3000
CVSS 7.5 HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates.
CVEs (2)
Remediations
- For LOGO! CMR2020, Siemens recommends affected users update to v2.2 or later.
- For LOGO! CMR2040, Siemens recommends affected users update to v2.2 or later.
- For the SIMATIC RTU 3000 family, Siemens recommends affected users use the certificate projection feature to pin the valid certificates of external servers providing services to the RTU/CMR devices. Refer to the product manual for further information.
Affected Vendors
Siemens
Affected Products (3)
- Siemens · LOGO! CMR2040 · < 2.2
- Siemens · SIMATIC RTU 3000 family · vers:all/*
- Siemens · LOGO! CMR2020 · < 2.2
Affected Sectors
Critical Manufacturing