Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) (ICSA-19-099-06) – Products Used in the Water and Wastewater and Energy Sector

August 11, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

June 9, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

February 11, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

October 8, 2019

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

July 9, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

May 14, 2019

The NCCIC has updated this advisory with additional information on the technical details of the vulnerability and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

April 9, 2019

The NCCIC has published an advisory on an out-of-bounds read vulnerability in Siemens Siemens CP, SIAMTIC, SIMOCODE, SINAMICS, SITOP, and TIM. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could result in a denial-of-service condition leading to a restart of the webserver. Siemens has provided firmware updates and also recommends users apply specific workarounds and mitigations to reduce risk. The NCCIC has also provided a series of measures for mitigating the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.