ICSA-22-286-07  ·  Published 2023-02-14

Siemens Nucleus RTOS FTP Server

CVSS 7.5 HIGH

CVEs (1)

Remediations

  • Configure TCP_MAX_KEEPALIVES to a lower value such as 3. Additionally, set TCP_KEEPALIVE_INTERVAL and TCP_KEEPALIVE_DELAY to 3 seconds. Rebuild your application.
  • Contact customer support to receive patch and update information
  • Update to V2012.08.1 and apply the patch "v2022.11"
  • Update to V2017.02.4 and apply the patch "2017.02.4_patch_CVE-2022-38371"
  • Update to V5.2a as available in Nucleus PLUS V1.15 and apply the patch "v2022.11"
  • Update to V5.4 as available in Nucleus PLUS V2.1f and apply the patch "v2022.11"

Affected Vendors

Siemens

Affected Products (5)

Siemens · Nucleus NET for Nucleus PLUS V1 <V5.2a
Siemens · Nucleus NET for Nucleus PLUS V2 <V5.4
Siemens · Nucleus ReadyStart V3 V2012 <V2012.08.1
Siemens · Nucleus ReadyStart V3 V2017 <V2017.02.4
Siemens · Nucleus Source Code: all versions including affected FTP server

Affected Sectors

Multiple
