ICSA-23-166-12 · Published 2023-06-14 · View on CISA ICS-CERT ↗

Siemens SINAMICS Medium Voltage Products

CVSS 9.8 CRITICAL

CVEs (23)

CVE-2018-25032 CVE-2021-42374 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVE-2022-0547 CVE-2022-1199 CVE-2022-1292 CVE-2022-1343 CVE-2022-1473 CVE-2022-23308 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-36946

Remediations

Restrict physical access to the affected drives, also to their Ethernet Port included on the front of the control door
Disconnect any direct network connection to the integrated SCALANCE S615 device
Update the firmware of the integrated SCALANCE S615 device to V7.2 or later version

Affected Vendors

Siemens

Affected Products (1)

Siemens · SINAMICS PERFECT HARMONY GH180 6SR5 vers:all/*

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more