You are here

Siemens SCALANCE Products (Update A) (ICSA-19-227-03) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SCALANCE Products (Update A) (ICSA-19-227-03) – Products Used in the Water and Wastewater and Energy Sectors

Created: Tuesday, July 14, 2020 - 14:02
Categories:
Cybersecurity

July 14, 2020

CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.

August 16, 2019

The NCCIC has published an advisory on an improper adherence to coding standards vulnerability in Siemens SCALANCE Products. Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could lead to a denial of service or could allow an authenticated local user with physical access to the device to execute arbitrary commands on the device. Siemens has issued an update for one of the affected products and has indicated it is preparing further updates and recommends users apply specific workarounds and mitigations to reduce risk until patches are available. The NCCIC also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.