ICSA-22-167-16 · Published 2022-06-14
Siemens SCALANCE LPE 4903 and SINUMERIK Edge
CVSS 7.8 (HIGH)
CISA KEV — Known Exploited
CVEs (1)
Remediations
- Update to V2.0 or later version
- Update to V3.3.0 or later version
- Restrict system access to authorized personnel and follow a least privilege approach
- A temporary mitigation exists at the expense of pkexec’s capabilities: with its SUID permission removed, the program cannot run processes as root, so any processes that rely on it for normal operation will be affected. The SUID permission can be removed with chmod as follows: chmod 0755 /usr/bin/pkexec
Affected Vendors
Siemens
Affected Products (2)
- Siemens · SCALANCE LPE9403: <V2.0
- Siemens · SINUMERIK Edge: <V3.3.0
Affected Sectors
Multiple