March 20, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.

February 27, 2018

ICS-CERT has released an advisory on a Siemens SIMATIC Industrial PCs vulnerability. Siemens reports the vulnerability affects a number of versions of SIMATIC Industrial PCs using a version of Infineon’s Trusted Platform Model (TPM). Successful exploitation of this vulnerability could make it easier for attackers to conduct cryptographic attacks against the key material. As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens particularly recommends to configure the environment according to Siemens’ Operational Guidelines for Industrial Security and to follow the recommendations in the product manuals. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.