← Back to home
ICSA-22-349-09  ·  Published 2026-04-16  ·  View on CISA ICS-CERT ↗

Siemens Products affected by OpenSSL 3.0

CVSS 7.5 HIGH

Risk Summary

The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on a vulnerable TLS client. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available. [0] https://www.openssl.org/news/secadv/20221101.txt

CVEs (2)

Remediations

  • As a mitigation for vulnerable versions: Ensure that only trusted (CA) certificates are contained in the Machine Agent's truststore
  • As a mitigation for vulnerable versions: In the truststore, do not add CA certificates that contain a nameConstraint-extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
  • Siemens products that contain a vulnerable TLS client: in cases where this option is configurable: ensure that TLS server certificate verification is turned on and do not configure trust for CA certificates, that contain a nameConstraint-extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
  • Siemens products that contain a vulnerable TLS server and have certificate-based client authentication enabled: do not configure trust for CA certificates, that contain a nameConstraint-extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
  • Update to V2.13.0.3 or later version
  • Update to V2.20 or later version
  • Update to V2023.1 or later version
  • Update to V3.2.8 or later version
  • Update to V5.3.0 or later version

Affected Vendors

Siemens

Affected Products (9)

Siemens · Calibre ICE vers:intdot/>=2022.4|<2023.1
Siemens · Mcenter vers:intdot/>=5.2.1|<5.3.0
Siemens · SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) vers:intdot/>=3.2.7|<3.2.8
Siemens · SCALANCE X204RNA (PRP) (6GK5204-0BA00-2KB2) vers:intdot/>=3.2.7|<3.2.8
Siemens · SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) vers:intdot/>=3.2.7|<3.2.8
Siemens · SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) vers:intdot/>=3.2.7|<3.2.8
Siemens · SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) vers:intdot/>=3.2.7|<3.2.8
Siemens · SICAM GridPass vers:intdot/>=1.80|<2.20
Siemens · SIMATIC RTLS Locating Manager vers:intdot/>=2.13.0.0|<2.13.0.3

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more