SIEMENS-SSA-232418 · Published 2022-08-09 · View on Siemens ProductCERT ↗

SSA-232418 V1.4 (Last Update: 2022-08-09): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families

CVSS 7.5 HIGH

Risk Summary

<p> Two vulnerabilities have been identified in the SIMATIC S7-1200/S7-1500 CPU families and related products. One vulnerability (CVE-2019-10943) could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability (CVE-2019-10929) could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp. </p> <p> Siemens has released updates for several affected products to fix CVE-2019-10929 and recommends to update to the latest versions. Regarding CVE-2019-10943, Siemens recommends specific countermeasures for products where updates are not, or not yet available. </p>

CVEs (2)

CVE-2019-10943 CVE-2019-10929

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-232418 V1.4 (Last Update: 2022-08-09): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more