You are here

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K) (ICSA-17-129-01I) – Product Used in Energy and Water and Wastewater Systems Sectors

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K) (ICSA-17-129-01I) – Product Used in Energy and Water and Wastewater Systems Sectors

Created: Friday, February 15, 2019 - 09:35
Categories:
Cybersecurity, Federal & State Resources

February 14, 2019

The NCCIC has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 27, 2018

ICS-CERT has updated this advisory with additional details on affected products and mitigation details. ICS-CERT.

January 23, 2018

ICS-CERT has updated this advisory with additional details on affected products and mitigation details. ICS-CERT.

November 14, 2017

ICS-CERT has updated this advisory with mitigation details. ICS-CERT.

October 10, 2017

ICS-CERT has updated this advisory with mitigation details. ICS-CERT.

August 17, 2017

ICS-CERT has updated its advisory titled “Siemens devices using the PROFINET Discovery and Configuration Protocol.” Additional affected products and mitigations have been added. ICS-CERT.

July 25, 2017

ICS-CERT has updated its advisory titled “Siemens devices using the PROFINET Discovery and Configuration Protocol.” Additional affected products and mitigations have been added. ICS-CERT.

July 6, 2017

ICS-CERT has updated its advisory titled “Siemens devices using the PROFINET Discovery and Configuration Protocol.” Additional affected products have been added and additional updates have been provided. ICS-CERT.

June 15, 2017

ICS-CERT has updated its alert titled “Siemens SIMATIC Authentication Bypass.” Siemens reports additional products affected. ICS-CERT.

February 14, 2017

ICS-CERT has released an advisory on a Siemens SIMATIC Authentication Bypass. Siemens reports that the vulnerability affects SIMATIC Logon. SIMATIC WinCC: V7.x, SIMATIC WinCC Runtime Professional: All versions, SIMATIC PCS 7: All versions, SIMATIC PDM: All versions, and SIMATIC IT: All versions include affected versions of SIMATIC Logon. Successful exploitation of this vulnerability could allow attackers to circumvent user authentication under certain conditions. Siemens provides SIMATIC Logon V1.5 SP3 Update 2 and recommends that users update to the new version. ICS-CERT.