Siemens SIMATIC Industrial PCs (ICSA-18-058-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Siemens SIMATIC Industrial PCs vulnerability. Siemens reports the vulnerability affects a number of versions of SIMATIC Industrial PCs using a version of Infineon’s Trusted Platform Model (TPM). Successful exploitation of this vulnerability could make it easier for attackers to conduct cryptographic attacks against the key material. As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens particularly recommends to configure the environment according to Siemens’ Operational Guidelines for Industrial Security and to follow the recommendations in the product manuals. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.