Siemens SIMATIC WinCC, OpenPCS

CVSS 6.5 MEDIUM

CVEs (2)

CVE-2023-48363 CVE-2023-48364

Currently no fix is planned
Update to V18 Update 4 or later version
Update to V19 Update 2 or later version
Update to V7.5 SP2 Update 15 or later version
Update to V8.0 Update 4 or later version
Update to V9.1 SP2 UC05 or later version
See remediation for SIMATIC PCS 7 V9.1
Ensure that SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC PCS 7 stations communicate via encrypted channels (i.e. activate feature “Encrypted Communication” in SIMATIC WinCC and SIMATIC PCS 7). Enabling “Encrypted Communication” completely mitigates the vulnerability

Siemens

Siemens · OpenPCS 7 V9.1 <V9.1_SP2_UC05

Siemens · SIMATIC BATCH V9.1 <V9.1_SP2_UC05

Siemens · SIMATIC PCS 7 V9.1 <V9.1_SP2_UC05

Siemens · SIMATIC Route Control V9.1 <V9.1_SP2_UC05

Siemens · SIMATIC WinCC Runtime Professional V18 <V18_Update_4

Siemens · SIMATIC WinCC Runtime Professional V19 <V19_Update_2

Siemens · SIMATIC WinCC V7.4 vers:all/*

Siemens · SIMATIC WinCC V7.5 <V7.5_SP2_Update_15

Siemens · SIMATIC WinCC V8.0 <V8.0_Update_4

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.