SIMATIC NET PC-Software V13 SP2 can be obtained by contacting your local Siemens representative or customer support.
Siemens provides SIMATIC NET PC-Software V13 SP2, which fixes the vulnerability, and recommends users upgrade to the new version.

DIFFICULTY

An attacker with a low skill would be able to exploit this vulnerability. No known public exploits specifically target this vulnerability. This vulnerability could be exploited remotely.

A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Siemens reports that the vulnerability affects the following SIMATIC products:

SIMATIC NET PC-Software: All versions prior to V13 SP2

A successful exploit of this vulnerability could cause a denial-of-service condition that would require a manual restart to recover. Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.

Siemens is a multinational company headquartered in Munich, Germany. The affected product, the Siemens SIMATIC NET PC-Software, is designed for communication between controllers (PLCs) and PC-based solutions (HMIs). According to Siemens, the SIMATIC NET PC-Software is deployed across several sectors including Chemical, Critical Manufacturing, and Food and Agriculture. Siemens estimates that this product is used worldwide.

VULNERABILITY CHARACTERIZATION

VULNERABILITY OVERVIEW

Specially crafted packets sent to several ports (Port 55101/TCP through Port 55105/TCP, Port 4845/TCP, and Port 4847/TCP through Port 4850/TCP) could cause a denial-of-service of the OPC-Unified Architecture (UA) service. A manual restart of the service is required to recover the system.
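The following is an added example, not part of the advisory and not Siemens code: a local exposure check that reads Windows `netstat -an` output and reports which of the TCP ports named above are listening on a non-loopback address. The sample output, the function name `exposed_listeners` and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Affected TCP ports as listed in the advisory text above.
AFFECTED_PORTS = set(range(55101, 55106)) | {4845} | set(range(4847, 4851))

# Constructed sample of Windows `netstat -an -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4845           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4847         0.0.0.0:0              LISTENING
  TCP    192.168.10.20:55101    0.0.0.0:0              LISTENING
  TCP    192.168.10.20:55103    192.168.10.31:49822    ESTABLISHED
  TCP    [::]:4850              [::]:0                 LISTENING
  TCP    [::1]:55105            [::]:0                 LISTENING
"""

# Local address, port, foreign address, LISTENING state, optional PID (-o).
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+\d+)?\s*$")


def exposed_listeners(netstat_text):
    """Return (address, port) pairs for affected ports that are listening
    on a non-loopback address, sorted by port and then address."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, non-TCP or non-listening socket
        addr, port = m.group(1).strip("[]"), int(m.group(2))
        if port not in AFFECTED_PORTS:
            continue
        # Drop an IPv6 zone id such as fe80::1%12 before parsing.
        ip = ipaddress.ip_address(addr.split("%")[0])
        if not ip.is_loopback:
            found.add((str(ip), port))
    return sorted(found, key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"network-reachable listener on affected port: {addr}:{port}")
```

A listener on one of these ports is not by itself proof that it belongs to the OPC UA service; `netstat -ano` adds the owning process ID for that check.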
Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability.