Siemens Industrial Products (Update A) (ICSA-18-023-02) – Product Used in the Water and Wastewater and Energy Sectors

February 12, 2019

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

January 23, 2018

ICS-CERT has released an advisory on a Siemens Industrial Products vulnerability. Numerous versions of this product are affected. Successful exploitation of this vulnerability could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system. Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ Operational Guidelines for Industrial Security and to follow the recommendations in the product manuals. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.