March 10, 2020
CISA has updated the advisory with additional details on the affected products and the nature of the vulnerability. Read the advisory at CISA.
January 25, 2018
ICS-CERT has updated this advisory with additional details on mitigation measures. ICS-CERT.
November 28, 2017
ICS-CERT has updated this advisory with additional details on mitigation measures. ICS-CERT.
July 25, 2017
ICS-CERT has updated its advisory titled “Siemens S7-300/400 PLC Vulnerabilities.” Additional mitigations have been added. ICS-CERT.
May 9, 2017
ICS-CERT has updated its advisory titled “Siemens S7-300/400 PLC Vulnerabilities.” An attacker with network access to port 102/TCP (ISO-TSAP), or with access via Profibus, could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products. Siemens provides firmware version V3.X.14 for S7-300 CPUs that resolves CVE-2016-9158. ICS-CERT.
December 13, 2016
ICS-CERT has released an announcement on password leak and denial-of-service vulnerabilities in Siemens’ S7-300 and S7-400 programmable logic controllers. Siemens has released Security Advisory SSA-731239 with advice to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. Successful exploitation could lead to a denial-of-service condition or result in credential disclosure. The products are deployed across several sectors, including Energy and Water and Wastewater Systems. ICS-CERT.