Siemens S7-1200 CPU (Update B) (ICSA-19-318-02) – Product Used in the Water and Wastewater and Energy Sectors

July 14, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

November 18, 2019

CISA has published an advisory on an exposed dangerous method or function vulnerability in Siemens S7-1200 CPU. All versions of S7-1200 are affected. Successful exploitation of this vulnerability could expose additional diagnostic functionality to an attacker with physical access to the UART interface during boot process. Siemens has identified specific workarounds and mitigations that users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.