You are here

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller (ICSA-18-282-05) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller (ICSA-18-282-05) – Products Used in the Water and Wastewater and Energy Sectors

Created: Thursday, October 11, 2018 - 18:14
Categories:
Cybersecurity

The NCCIC has released an advisory on a denial of service for improper input validation vulnerability in Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, and SIMATIC ET 200SP Open Controller. Multiple products and versions of those products are affected. An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack. Siemens has provided updates to address this vulnerability and recommends users update to the new version. Additionally, Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk: restrict network access to affected devices, apply cell-protection concept, and apply defense-in-depth. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.