ICSA-22-104-14  ·  Published 2025-05-06

Siemens SIMATIC STEP 7 (TIA Portal)

CVSS 6.4 MEDIUM

CVEs (1)

Remediations

  • Currently no fix is planned
  • Update to V16 Update 5 or later version
  • Update to V17 Update 2 or later version
  • Whenever the web server's user configuration is changed with one of the affected versions for S7-1200 or S7-1500 CPUs (incl. related ET200 CPUs and SIPLUS variants), validate the web server permissions for unauthenticated users by accessing the web server directly without authenticating. If unauthenticated access is unintentionally possible, remove the web server's user configuration and reconfigure it using TIA Portal V16 Update 5 or V17 Update 2 or later
  • If a new TIA Portal version is not available, updating the web server's user configuration is not effective. Instead, either delete the PLC and reconfigure it with a new project (WARNING: copy the PLC program before deleting the PLC), or use the original project (one that was not uploaded from a PLC) to update the web server's user management and download the changed configuration

Affected Vendors

Siemens

Affected Products (3)

Siemens · SIMATIC STEP 7 (TIA Portal) V15: all versions
Siemens · SIMATIC STEP 7 (TIA Portal) V16: versions before V16 Update 5
Siemens · SIMATIC STEP 7 (TIA Portal) V17: versions before V17 Update 2

Affected Sectors

Multiple
