March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. This advisory was initially published on March 29, 2018 and last updated on February 5, 2019. Read the advisory at NCCIC/ICS-CERT.

May 17, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. This advisory was initially published on March 8, 2018 and last updated on April 19. NCCIC/ICS-CERT.

March 8, 2018

ICS-CERT has released an advisory on vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module. Numerous versions of these product are affected. Successful exploitation of these vulnerabilities could allow an attacker to upload a modified device configuration that could overwrite access authorization passwords, or allow an attacker to capture certain network traffic that could contain authorization passwords. Siemens has provided a series of updates for mitigations. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.