ICSA-22-286-04 · Published 2022-10-11
Siemens SIMATIC S7-1200 and S7-1500 CPU Families
CVSS 9.3 (CRITICAL)
CVEs (1)
Remediations
- Use legacy (i.e., not TLS-based) PG/PC and HMI communication only in trusted network environments
- Protect access to the TIA Portal project and CPU (including related memory cards) from unauthorized actors
- Currently no fix is planned
- Update to V2.9.2 or later version, migrate project in TIA Portal to this version and redeploy.
- Within the project, configure the CPU to "Only allow secure PG/PC and HMI communication"
- Update to V21.9 or later version, migrate project in TIA Portal to this version and redeploy.
- Update to V4.5.0 or later version, migrate project in TIA Portal to this version and redeploy.
- Update to V4.0 or later version, migrate project in TIA Portal to the corresponding version and redeploy.
Affected Vendors
Siemens
Affected Products (7)
- Siemens · SIMATIC Drive Controller family: <V2.9.2
- Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): vers:all/*
- Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): <V21.9
- Siemens · SIMATIC S7-1200 CPU family (incl. SIPLUS variants): <V4.5.0
- Siemens · SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): <V2.9.2
- Siemens · SIMATIC S7-1500 Software Controller: <V21.9
- Siemens · SIMATIC S7-PLCSIM Advanced: <V4.0
Affected Sectors
Multiple