ICSA-23-047-09
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Siemens SIMATIC Industrial Products
CVSS 7.9
HIGH
CVEs (1)
Remediations
- Currently no fix is available
- Update to V21.01.19 or later version
- Update to V22.01.11 or later version
- Update to V25.02.14 or later version
- Update to V26.01.11 or later version
- Update to V29.01.03 or later version
- As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.
Affected Vendors
Siemens
Affected Products (14)
Siemens
·
SIMATIC Field PG M5
<V22.01.11
Siemens
·
SIMATIC Field PG M6
<V26.01.11
Siemens
·
SIMATIC IPC427E
<V21.01.19
Siemens
·
SIMATIC IPC477E
<V21.01.19
Siemens
·
SIMATIC IPC477E PRO
<V21.01.19
Siemens
·
SIMATIC IPC627E
<V25.02.14
Siemens
·
SIMATIC IPC647E
<V25.02.14
Siemens
·
SIMATIC IPC677E
<V25.02.14
Siemens
·
SIMATIC IPC847E
<V25.02.14
Siemens
·
SIMATIC IPC BX-39A
<V29.01.03
Siemens
·
SIMATIC IPC PX-39A
<V29.01.03
Siemens
·
SIMATIC IPC PX-39A PRO
<V29.01.03
Siemens
·
SIMATIC ITP1000
vers:all/*
Siemens
·
SIPLUS IPC427E
<V21.01.19
Affected Sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more