DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Get Help
CyberMaterial
Home Alerts

Siemens Linux-based Products (Update J)

August 18, 2022
Reading Time: 2 mins read
in Alerts

 

 

This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update I) that was published August 11, 2022, to the ICS webpage at www.cisa.gov/ics.

Successful exploitation of this vulnerability could compromise confidentiality and integrity.

The following Siemens Linux-based products are affected:

  • RUGGEDCOM RM1224: All versions between v5.0 and v6.4
  • SCALANCE M-800: All versions between v5.0 and v6.4
  • SCALANCE S615: All versions between v5.0 and v6.4
  • SCALANCE SC-600: All versions prior to v2.1.3
  • SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0
  • SIMATIC MV500 Family: All versions
  • SIMATIC CP 1243-7 LTE EU: Versions 3.1.39 and later, and prior to Version 3.3
  • SIMATIC CP 1243-7 LTE US: Versions 3.1.39 and later, and prior to Version 3.3
  • SIMATIC CP 1242-7 GPRS V2: Versions 3.1.39 and prior to Version 3.3
  • SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later
  • SIMATIC CP 1542SP-1: Versions 2.0 and later
  • SIMATIC CP 1543-1 (incl. SIPLUS variants): Versions prior to 3.0
  • SIMATIC CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later
  • SIMATIC CP 1545-1: All versions prior to v1.1

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • Where possible, apply the following countermeasures:
    • Use name servers inside corporate environments.
    • Restrict access of CLI and web-based management interfaces for the affected devices to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 where possible.
    • Disable outgoing ICMP packets by using “service ACLs” to implement blocking rules.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for industrial security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-324955

 

READ FULL ARTICLE

Tags: AlertsAlerts 2022August 2022SiemensSiemens Security AdvisoryUpdateVulnerabilities
0
VIEWS
ADVERTISEMENT

Related Posts

Cyber Espionage in North Africa

Cyber Espionage in North Africa

June 9, 2023
Barracuda Urges ESG Appliance Replacement

Barracuda Urges ESG Appliance Replacement

June 9, 2023
North Korean Kimsuky: Targeting Experts

North Korean Kimsuky: Targeting Experts

June 9, 2023
Belarusian Hackers: Cybercrime and Espionage

Belarusian Hackers: Cybercrime and Espionage

June 9, 2023

More Articles

Incidents

Zoll Medical notifies of data breach

March 15, 2023
Incidents

OpIran: Anonymous declares war on Teheran

September 28, 2022
Cyber Citizens

“Executives tend to have more attack vectors….”

December 28, 2021
Book

Critical Security Studies in the Digital Age

April 12, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.