ICSA-22-132-08
·
Published 2023-10-10
·
View on CISA ICS-CERT ↗
Siemens Industrial Products with OPC UA
CVSS 6.5
MEDIUM
CVEs (1)
Remediations
- Do not use OPC client feature to connect via untrusted networks or to untrusted OPC-UA communication partners
- Use VPN for protecting network communication between cells
- Currently no fix is planned
- Update to V1.2.4 or later version
- Update to V3.1.1 or later version
- Update SIMATIC WinCC (TIA Portal) to V17 Update 5 or newer, and then update panel to V17 Update 5 or newer
- Update to V16 Update 6 or later version
- Update to V14 SP1 Update 14 or later version
- Update to V17 SP1 or later version
Affected Vendors
Siemens
Affected Products (9)
Siemens
·
SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)
<V17_Update_5
Siemens
·
SIMATIC HMI Comfort Panels (incl. SIPLUS variants)
<V17_Update_5
Siemens
·
SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F
<V17_Update_5
Siemens
·
SIMATIC NET PC Software V14
<V14_SP1_Update_14
Siemens
·
SIMATIC NET PC Software V15
vers:all/*
Siemens
·
SIMATIC NET PC Software V16
<V16_Update_6
Siemens
·
SIMATIC NET PC Software V17
<V17_SP_1
Siemens
·
SITOP Manager
<V1.2.4
Siemens
·
TeleControl Server Basic V3
<V3.1.1
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more