ICSA-24-074-07  ·  Published 2024-03-14

Siemens SIMATIC

CVSS 9.8 CRITICAL  ·  CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.

CVEs (157)

CVE-2017-14491 CVE-2017-18509 CVE-2020-0338 CVE-2020-0417 CVE-2020-10768 CVE-2020-11301 CVE-2020-14305 CVE-2020-14381 CVE-2020-15436 CVE-2020-24587 CVE-2020-25705 CVE-2020-26555 CVE-2020-26558 CVE-2020-29660 CVE-2020-29661 CVE-2021-0302 CVE-2021-0305 CVE-2021-0325 CVE-2021-0326 CVE-2021-0327 CVE-2021-0328 CVE-2021-0329 CVE-2021-0330 CVE-2021-0331 CVE-2021-0333 CVE-2021-0334 CVE-2021-0336 CVE-2021-0337 CVE-2021-0339 CVE-2021-0341 CVE-2021-0390 CVE-2021-0391 CVE-2021-0392 CVE-2021-0393 CVE-2021-0394 CVE-2021-0396 CVE-2021-0397 CVE-2021-0399 CVE-2021-0400 CVE-2021-0429 CVE-2021-0431 CVE-2021-0433 CVE-2021-0434 CVE-2021-0435 CVE-2021-0436 CVE-2021-0437 CVE-2021-0438 CVE-2021-0443 CVE-2021-0444 CVE-2021-0471 CVE-2021-0473 CVE-2021-0474 CVE-2021-0476 CVE-2021-0478 CVE-2021-0480 CVE-2021-0481 CVE-2021-0484 CVE-2021-0506 CVE-2021-0507 CVE-2021-0508 CVE-2021-0509 CVE-2021-0510 CVE-2021-0511 CVE-2021-0512 CVE-2021-0513 CVE-2021-0514 CVE-2021-0515 CVE-2021-0516 CVE-2021-0519 CVE-2021-0520 CVE-2021-0521 CVE-2021-0522 CVE-2021-0584 CVE-2021-0585 CVE-2021-0586 CVE-2021-0587 CVE-2021-0588 CVE-2021-0589 CVE-2021-0591 CVE-2021-0593 CVE-2021-0594 CVE-2021-0596 CVE-2021-0597 CVE-2021-0598 CVE-2021-0599 CVE-2021-0600 CVE-2021-0601 CVE-2021-0604 CVE-2021-0640 CVE-2021-0641 CVE-2021-0642 CVE-2021-0646 CVE-2021-0650 CVE-2021-0651 CVE-2021-0652 CVE-2021-0653 CVE-2021-0682 CVE-2021-0683 CVE-2021-0684 CVE-2021-0687 CVE-2021-0688 CVE-2021-0689 CVE-2021-0690 CVE-2021-0692 CVE-2021-0695 CVE-2021-0704 CVE-2021-0706 CVE-2021-0708 CVE-2021-0870 CVE-2021-0919 CVE-2021-0920 CVE-2021-0926 CVE-2021-0928 CVE-2021-0929 CVE-2021-0930 CVE-2021-0931 CVE-2021-0933 CVE-2021-0952 CVE-2021-0953 CVE-2021-0961 CVE-2021-0963 CVE-2021-0964 CVE-2021-0965 CVE-2021-0967 CVE-2021-0968 CVE-2021-0970 CVE-2021-1972 CVE-2021-1976 CVE-2021-29647 CVE-2021-33909 CVE-2021-38204 CVE-2021-39621 CVE-2021-39623 CVE-2021-39626 CVE-2021-39627 CVE-2021-39629 CVE-2021-39633 CVE-2021-39634 CVE-2022-20127 CVE-2022-20130 CVE-2022-20227 
CVE-2022-20229 CVE-2022-20355 CVE-2022-20411 CVE-2022-20421 CVE-2022-20422 CVE-2022-20423 CVE-2022-20462 CVE-2022-20466 CVE-2022-20468 CVE-2022-20469 CVE-2022-20472 CVE-2022-20473 CVE-2022-20476 CVE-2022-20483 CVE-2022-20498 CVE-2022-20500

Remediations

  • Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends updating to the latest version.
  • As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.
  • Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
  • For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SIMATIC RF160B (6GT2003-0FA00) <V2.2

Affected Sectors

Critical Manufacturing
