Siemens Desigo PXC (Update C) (ICSA-18-025-02B)

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

March 22, 2018

The NCCIC has updated this advisory with additional details on affected products. ICS-CERT.

February 6, 2018

ICS-CERT has updated this advisory with additional details about mitigating the vulnerability. ICS-CERT.

January 25, 2018

ICS-CERT has released an advisory on a Siemens Desigo PXC vulnerability. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow unauthenticated remote attackers to upload malicious firmware without prior authentication. Siemens has provided an updated version that fixes the vulnerability for the affected products and recommends users update to the newest version V6.00.204 or a later version. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.