ICSA-22-132-05  ·  Published 2022-12-13

Siemens Industrial PCs and CNC devices

CVSS 7.8 HIGH

Remediations

  • As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the ability to run untrusted code where possible.
  • Applying a Defense-in-Depth concept can help reduce the probability that untrusted code is run on the system. Siemens recommends applying the Defense-in-Depth concept: https://www.siemens.com/industrialsecurity
  • Update BIOS to V26.01.08 or later version
  • Update BIOS to V1.4.0 or later version
  • Update BIOS to R1.30.0 or later version
  • Update BIOS to V25.02.08 or later version
  • Update BIOS to V22.01.08 or later version
  • Update BIOS to V21.01.15 or later version
  • Update BIOS to V23.01.08 or later version
  • Update BIOS to V27.01.05 or later version
  • Update BIOS to V0209_0105 or later version
  • Update BIOS to V05.00.00.00 or later version. SINUMERIK software can be obtained from your local Siemens account manager.
  • Update BIOS to V08.00.00.00 or later version. SINUMERIK software can be obtained from your local Siemens account manager.
  • Update BIOS to V06.00.00.00 or later version. SINUMERIK software can be obtained from your local Siemens account manager.
  • Update BIOS to V05.00.01.00 or later version. The update can be obtained from your local Siemens account manager.
  • Update BIOS to V04.00.00.00 or later version. SINUMERIK software can be obtained from your local Siemens account manager.

Affected Vendors

Siemens

Affected Products (20)

Siemens · SIMATIC Drive Controller family <V05.00.01.00
Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) <V0209_0105
Siemens · SIMATIC Field PG M5 <BIOS_V22.01.08
Siemens · SIMATIC Field PG M6 <V26.01.08
Siemens · SIMATIC IPC127E vers:all/*
Siemens · SIMATIC IPC427E (incl. SIPLUS variants) <BIOS_V21.01.15
Siemens · SIMATIC IPC477E <BIOS_V21.01.15
Siemens · SIMATIC IPC477E Pro <BIOS_V21.01.15
Siemens · SIMATIC IPC527G <BIOS_V1.4.0
Siemens · SIMATIC IPC547G <R1.30.0
Siemens · SIMATIC IPC627E <BIOS_V25.02.08
Siemens · SIMATIC IPC647E <BIOS_V25.02.08
Siemens · SIMATIC IPC677E <BIOS_V25.02.08
Siemens · SIMATIC IPC847E <BIOS_V25.02.08
Siemens · SIMATIC ITP1000 <BIOS_V23.01.08
Siemens · SINUMERIK 828D HW PU.4 <V08.00.00.00
Siemens · SINUMERIK MC MCU 1720 <V05.00.00.00
Siemens · SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10 <V08.00.00.00
Siemens · SINUMERIK ONE NCU 1740 <V04.00.00.00
Siemens · SINUMERIK ONE PPU 1740 <V06.00.00.00

Affected Sectors

Multiple
