Siemens SIPROTEC 5 and DIGSI 5 (Update C) (ICSA-19-190-05) – Products Used in the Energy Sector

May 12, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.

August 13, 2019

The NCCIC has updated this advisory with additional information on mitigation measures. This advisory was originally published on July 9, 2019. Read the advisory at CISA.

July 9, 2019

The NCCIC has published an advisory on an improper input validation vulnerability in Siemens SIPROTEC 5 and DIGSI 5. Numerous products and versions are affected. Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions. Siemens recommends users upgrade to V7.90 where available and apply specific mitigations. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.