#SIEMENS SIMATIC S7 1500 UPDATE#
This vulnerability could allow a remote attacker to conduct denial-of-service attacks.

The following versions of SIMATIC are affected:

- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions v2.5 or higher and lower than v20.8
- related ET200 CPUs and SIPLUS variants): All versions v2.5 or higher and lower than v2.8
- SIMATIC S7-1500 Software Controller: All versions v2.5 or higher and lower than v20.8

4.2 VULNERABILITY OVERVIEW

4.2.1 UNCONTROLLED RESOURCE CONSUMPTION (‘RESOURCE EXHAUSTION’) CWE-400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device.

CVE-2019-19281 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing.

Siemens reported this vulnerability to CISA.

Siemens has released updates for several affected products and recommends specific workarounds and mitigations that customers can apply to reduce the risk:

- Restrict network access to affected devices.
- For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), Siemens recommends users update to v20.8 (v2x.8 corresponds to v2.8 of the S7-1500 CPU firmware).
- related ET200 CPUs and SIPLUS variants), Siemens recommends users update to v2.8
- For SIMATIC S7-1500 Software Controller, Siemens recommends users update to v20.8 (v2x.8 corresponds to v2.8 of the S7-1500 CPU firmware).

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-750824.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-11 Siemens SIMATIC S7-1500 that was published February 11, 2020, to the ICS webpage on.