CVEs (2)
Remediations
- Siemens products that contain a vulnerable TLS server and have certificate-based client authentication enabled: do not configure trust for CA certificates that contain a nameConstraints extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
- Siemens products that contain a vulnerable TLS client: where this option is configurable, ensure that TLS server certificate verification is turned on, and do not configure trust for CA certificates that contain a nameConstraints extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
- As a mitigation for vulnerable versions: ensure that only trusted (CA) certificates are contained in the Machine Agent's truststore
- As a mitigation for vulnerable versions: do not add CA certificates to the truststore that contain a nameConstraints extension (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) with punycode-encoded internationalized domain names
- Currently no fix is available
- Update to V2.13.0.3 or later version
- Update to V2.20 or later version
- Update to V2023.1 or later version
- Update to V5.3.0 or later version
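
The truststore checks in the remediations above can be scripted. The following is an added example, not part of the Siemens advisory or any Siemens tooling; it assumes the truststore has been exported to a directory with one PEM certificate per `.pem` or `.crt` file and an `openssl` CLI that supports `x509 -ext`. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CA certificates whose nameConstraints extension
# contains punycode-encoded (xn--) domain labels.

# Reads the text form of a nameConstraints extension on stdin (as printed by
# `openssl x509 -noout -ext nameConstraints`) and prints every constraint
# entry that carries a punycode label. Returns 0 if any was found, else 1.
nc_punycode_entries() {
    awk '
        /^[ \t]*(Permitted|Excluded):/ { kind = $1; sub(/:$/, "", kind); next }
        kind != "" && tolower($0) ~ /(^|[:.@])xn--/ {
            entry = $0; sub(/^[ \t]+/, "", entry)
            print kind ": " entry; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Scans DIR (assumption: one PEM certificate per *.pem / *.crt file) and
# reports each certificate to review. Files openssl cannot parse and
# certificates without nameConstraints are skipped. Returns 1 on any hit.
scan_truststore() {
    dir=$1; rc=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        hits=$(openssl x509 -in "$cert" -noout -ext nameConstraints 2>/dev/null \
               | nc_punycode_entries) || continue
        subject=$(openssl x509 -in "$cert" -noout -subject)
        printf 'REVIEW %s (%s)\n%s\n' "$cert" "$subject" "$hits"
        rc=1
    done
    return $rc
}

# Constructed sample of openssl's text output for one CA certificate.
sample_nc_text() {
    cat <<'EOF'
X509v3 Name Constraints: critical
    Permitted:
      DNS:.example.com
      DNS:.xn--mnchen-3ya.example
    Excluded:
      email:.xn--bcher-kva.example
EOF
}

# Usage: sh check_truststore.sh /path/to/exported/truststore
if [ $# -gt 0 ]; then scan_truststore "$1"; fi
```

A non-zero exit status from `scan_truststore` means at least one certificate needs review before it stays in the truststore.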
Affected Vendors
Siemens
Affected Products (5)
- Siemens · Calibre ICE: >=V2022.4 <V2023.1
- Siemens · Mcenter: >=V5.2.1 <V5.3.0
- Siemens · SCALANCE X-200RNA switch family: >=V3.2.7
- Siemens · SICAM GridPass (6MD7711-2AA00-1EA0): >=V1.80 <V2.20
- Siemens · SIMATIC RTLS Locating Manager: >=V2.13 <V2.13.0.3
Affected Sectors
Multiple