ICSA-21-350-12 · Published 2025-05-06 · View on CISA ICS-CERT ↗

Siemens SIMATIC ITC

CVSS 9.8 CRITICAL

CVEs (19)

CVE-2017-18922 CVE-2018-20019 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-21247 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 CVE-2019-20839 CVE-2019-20840 CVE-2020-14396 CVE-2020-14397 CVE-2020-14398 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405

Remediations

Update to V3.2.1.0 or later version
Monitor and restrict access to port 5900/tcp to trusted IP addresses only

Affected Vendors

Siemens

Affected Products (6)

Siemens · SIMATIC ITC1500 V3 <V3.2.1.0

Siemens · SIMATIC ITC1500 V3 PRO <V3.2.1.0

Siemens · SIMATIC ITC1900 V3 <V3.2.1.0

Siemens · SIMATIC ITC1900 V3 PRO <V3.2.1.0

Siemens · SIMATIC ITC2200 V3 <V3.2.1.0

Siemens · SIMATIC ITC2200 V3 PRO <V3.2.1.0

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more