ICSA-22-132-10 · Published 2022-06-16
Siemens Desigo PXC and DXR Devices
CVSS 9.0 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a denial-of-service condition, perform remote code execution, or disable and reset a device to factory state.
CVEs (8)
Remediations
- Siemens recommends updating to the latest software version: Desigo DXR2: Update to v01.21.142.5-22 or later
- Siemens recommends updating to the latest software version: Desigo PXC3: Update to v01.21.142.4-18 or later
- Siemens recommends updating to the latest software version: Desigo PXC4: Update to v02.20.142.10-10884 or later
- Siemens recommends updating to the latest software version: Desigo PXC5: Update to v02.20.142.10-10884 or later
- Contact Siemens for update information.
- As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following the recommendations in the product manuals.
- For additional information, please refer to Siemens Security Advisory SSA-626968
- For additional information, please refer to Siemens Security Advisory SSA-662649
Affected Vendors
Siemens
Affected Products (4)
- Siemens · Desigo DXR2 · < 01.21.142.5-22
- Siemens · Desigo PXC3 · < 01.21.142.4-18
- Siemens · Desigo PXC4 · < 02.20.142.10-10884
- Siemens · Desigo PXC5 · < 02.20.142.10-10884
Affected Sectors
Multiple Sectors