Siemens S7-400 CPUs (Update A) (ICSA-18-317-02) – Products Used in the Energy Sector

May 14, 2019

The NCCIC has updated this advisory with additional information on the technical details of the vulnerability and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

November 13, 2018

The NCCIC has released an advisory on an improper input validation vulnerability in Siemens S7-400 CPUs. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could crash the device being accessed which may require a manual reboot or firmware re-image to bring the system back to normal operation. Siemens recommends a series of mitigations to addresss these vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.