SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-688701357] Siemens SINUMERIK Integrate and SINUMERIK Operate

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-03-02OtherSiemensSiemensN/AN/AN/AN/A

Source

						
							
								
#
# Siemens SINUMERIK Integrate and SINUMERIK Operate
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
SINUMERIK Integrate, SINUMERIK Operate



### RESEARCHER



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions:

SINUMERIK Integrate Access MyMachine/Ethernet with
AMM Service Engineer Client (ActiveX): All versions.
SINUMERIK Integrate Access MyMachine/Ethernet and Analyze MyCondition with
SINUMERIK Integrate Operate Client:

All versions between 2.0.3.00.016 (including) and 2.0.6 (excluding), and
All versions between 3.0.4.00.032 (including) and 3.0.6 (excluding).
Affected SINUMERIK Integrate Operate clients are included in the following Operate releases:

All versions between V4.5 SP6 (including) and V4.5 SP6 Hotfix 8 (excluding), and
All versions between V4.7 SP2 Hotfix 1 (including) and V4.7 SP4 (excluding).



### IMPACT

Successful exploitation of this vulnerability could allow attackers in a privileged network position to capture and modify network traffic protected with transport layer security.



### VULNERABILITY OVERVIEW



### BACKGROUND

Critical Infrastructure Sector(s): Energy, Healthcare and Public Health, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens provides the following updates for affected SINUMERIK Integrate and SINUMERIK Operate versions:

SINUMERIK Integrate Access MyMachine/Ethernet and Analyze MyCondition with
SINUMERIK Operate V4.7:

Update to SINUMERIK Operate V4.7 SP4, or
Update SINUMERIK Integrate Operate Client to V3.0.6
SINUMERIK Operate V4.5:

Update to SINUMERIK Operate V4.5 SP6 Hotfix 8, or
Update SINUMERIK Integrate Operate Client to V2.0.6
SINUMERIK Integrate Access MyMachine/Ethernet with
AMM Service Engineer (ActiveX):

Replace with AMM Service Client V4.1.0.5
Replacement will be automatically installed when connecting to SINUMERIK Integrate V4.1 SP5 or newer.

These updates can be obtained from a local Siemens service organization. If assistance is needed in identifying a local Siemens service organization, users may contact a local Siemens hotline at the following link:

https://w3.siemens.com/aspa_app/


As a general security measure Siemens strongly recommends users configure their environment according to Siemens operational guidelines found below:

https://www.industry.siemens.com/topics/global/en/industrial-security/Documents/operational_guidelines_industrial_security_en.pdf


For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-934525 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm