Synthesis
Siemens has released security updates to fix some vulnerabilities in its products – including SCADA.
Risk
Estimated impact of vulnerability on the reference community: HIGH/ORANGE (74.42/100)1.
Type
- Privilege Escalation
- Information Leakage
Affected products and/or versions
Siemens:
- CP-8031/CP-8050 Package
- CPCI85 Central Processing/Communication
- SICAM 8 Software Solution Package
- SICORE Base system
Mitigation actions
It is recommended that mitigation measures be implemented by following the instructions provided by the vendor for each affected product and reported in the security bulletins in the References section.
Unique vulnerability identifiers
Below are the only CVEs relating to vulnerabilities with “high” and “critical” severity:
References
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
1This estimate is carried out taking into account various parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
