ICS Advisory (ICSA-22-167-14)

Siemens OpenSSL Affected Industrial Products (Update E)

Click to Tweet.
Click to send to Facebook.
Click to Share.

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.


 

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: Multiple industrial products
  • Vulnerability: Infinite Loop

2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory titled ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update D) that was published October 13, 2022, on the ICS webpage on cisa.gov/ics.

3. RISK EVALUATION

Successful exploitation of this vulnerability could create a denial-of-service condition in the affected products.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

The following Siemens industrial products are affected:

  • Industrial Edge - OPC UA Connector: All versions prior to v1.7
  • Industrial Edge - SIMATIC S7 Connector App: All versions prior to v1.7.0
  • RUGGEDCOM CROSSBOW Station Access Controller: All versions only when running on ROX II versions prior to V2.15.1
  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2): All versions
  • RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions
  • RUGGEDCOM ROX MX5000: All versions prior to v2.15.1
  • RUGGEDCOM ROX MX5000RE: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1400: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1500: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1501: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1510: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1511: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1512: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1524: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX1536: All versions prior to v2.15.1
  • RUGGEDCOM ROX RX5000: All versions prior to v2.15.1
  • SCALANCE LPE9403 (6GK5998-3GS00-2AC2): All versions prior to v2.0
  • SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions
  • SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions
  • SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions
  • SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions
  • SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions
  • SCALANCE M826-2 SHDSL-Router (6GK5826- 2AB00-2AB2): All versions
  • SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions
  • SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions
  • SCALANCE M876-3 (EVDO) (6GK5876-3AA02- 2BA2): All versions
  • SCALANCE M876-3 (ROK) (6GK5876-3AA02- 2EA2): All versions
  • SCALANCE M876-4 (EU) (6GK5876-4AA00- 2BA2): All versions
  • SCALANCE M876-4 (NAM) (6GK5876-4AA00- 2DA2): All versions
  • SCALANCE MUM853-1 (EU) (6GK5853-2EA00- 2DA1): All versions
  • SCALANCE MUM853-1 (RoW) (6GK5853- 2EA00-2AA1): All versions
  • SCALANCE MUM856-1 (EU) (6GK5856-2EA00- 3DA1): All versions
  • SCALANCE MUM856-1 (NAM) (6GK5856- 2EA00-3BA1): All versions
  • SCALANCE MUM856-1 (RoW) (6GK5856- 2EA00-3AA1): All versions
  • SCALANCE S615 (6GK5615-0AA00-2AA2): All versions
  • SCALANCE SC622-2C (6GK5622-2GS00- 2AC2): All versions prior to v2.3.1
  • SCALANCE SC632-2C (6GK5632-2GS00- 2AC2): All versions prior to v2.3.1
  • SCALANCE SC636-2C (6GK5636-2GS00- 2AC2): All versions prior to v2.3.1
  • SCALANCE SC642-2C (6GK5642-2GS00- 2AC2): All versions prior to v2.3.1
  • SCALANCE SC646-2C (6GK5646-2GS00- 2AC2): All versions prior to v2.3.1
  • SCALANCE W721-1 RJ45 (6GK5721-1FC00- 0AA0)
  • SCALANCE W721-1 RJ45 (6GK5721-1FC00- 0AB0)
  • SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AA0)
  • SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AB0)
  • SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AC0)
  • SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AA0)
  • SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AA6)
  • SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AB0)
  • SCALANCE W734-1 RJ45 (USA) (6GK5734- 1FX00-0AB6)
  • SCALANCE W738-1 M12 (6GK5738-1GY00- 0AA0)
  • SCALANCE W738-1 M12 (6GK5738-1GY00- 0AB0)
  • SCALANCE W748-1 M12 (6GK5748-1GD00- 0AA0)
  • SCALANCE W748-1 M12 (6GK5748-1GD00- 0AB0)
  • SCALANCE W748-1 RJ45 (6GK5748-1FC00- 0AA0)
  • SCALANCE W748-1 RJ45 (6GK5748-1FC00- 0AB0)
  • SCALANCE W761-1 RJ45 (6GK5761-1FC00- 0AA0)
  • SCALANCE W761-1 RJ45 (6GK5761-1FC00- 0AB0)
  • SCALANCE W774-1 M12 EEC (6GK5774-1FY00- 0TA0)
  • SCALANCE W774-1 M12 EEC (6GK5774-1FY00- 0TB0)
  • SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AA0)
  • SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AA6)
  • SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AB0)
  • SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AC0)
  • SCALANCE W774-1 RJ45 (USA) (6GK5774- 1FX00-0AB6)
  • SCALANCE W778-1 M12 (6GK5778-1GY00- 0AA0)
  • SCALANCE W778-1 M12 (6GK5778-1GY00- 0AB0)
  • SCALANCE W778-1 M12 EEC (6GK5778- 1GY00-0TA0)
  • SCALANCE W778-1 M12 EEC (USA) (6GK5778- 1GY00-0TB0)
  • SCALANCE W786-1 RJ45 (6GK5786-1FC00- 0AA0)
  • SCALANCE W786-1 RJ45 (6GK5786-1FC00- 0AB0)
  • SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AA0)
  • SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AB0)
  • SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AC0)
  • SCALANCE W786-2 SFP (6GK5786-2FE00- 0AA0)
  • SCALANCE W786-2 SFP (6GK5786-2FE00- 0AB0)
  • SCALANCE W786-2IA RJ45 (6GK5786-2HC00- 0AA0)
  • SCALANCE W786-2IA RJ45 (6GK5786-2HC00- 0AB0)
  • SCALANCE W788-1 M12 (6GK5788-1GD00- 0AA0)
  • SCALANCE W788-1 M12 (6GK5788-1GD00- 0AB0)
  • SCALANCE W788-1 RJ45 (6GK5788-1FC00- 0AA0)
  • SCALANCE W788-1 RJ45 (6GK5788-1FC00- 0AB0)
  • SCALANCE W788-2 M12 (6GK5788-2GD00- 0AA0)
  • SCALANCE W788-2 M12 (6GK5788-2GD00- 0AB0)
  • SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TA0)
  • SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TB0)
  • SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TC0)
  • SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AA0)
  • SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AB0)
  • SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AC0)
  • SCALANCE W1748-1 M12 (6GK5748-1GY01- 0AA0)
  • SCALANCE W1748-1 M12 (6GK5748-1GY01- 0TA0)
  • SCALANCE W1750D (JP) (6GK5750-2HX01- 1AD0): All versions
  • SCALANCE W1750D (ROW) (6GK5750-2HX01- 1AA0): All versions
  • SCALANCE W1750D (USA) (6GK5750-2HX01- 1AB0): All versions
  • SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0)
  • SCALANCE W1788-2 EEC M12 (6GK5788- 2GY01-0TA0)
  • SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0)
  • SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0)
  • SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
  • SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
  • SCALANCE WAM766-1 (6GK5766-1GE00-7DB0)
  • SCALANCE WAM766-1 6GHz (6GK5766-1JE00-7DA0)
  • SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
  • SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TB0)
  • SCALANCE WAM766-1 EEC 6GHz (6GK5766-1JE00-7TA0)
  • SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
  • SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
  • SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
  • SCALANCE WUM766-1 (6GK5766-1GE00-3DB0)
  • SCALANCE WUM766-1 6GHz (6GK5766-1JE00-3DA0)
  • SCALANCE X200-4P IRT (6GK5200-4AH00- 2BA3): All versions
  • SCALANCE X200-4P IRT (6GK5200-4AH10- 2BA3): All versions
  • SCALANCE X201-3P IRT (6GK5201-3BH00- 2BA3): All versions
  • SCALANCE X201-3P IRT (6GK5201-3BH10- 2BA3): All versions
  • SCALANCE X201-3P IRT PRO (6GK5201- 3BH00-2BD2): All versions
  • SCALANCE X201-3P IRT PRO (6GK5201-3JR10- 2BA6): All versions
  • SCALANCE X202-2IRT (6GK5202-2BB00- 2BA3): All versions
  • SCALANCE X202-2IRT (6GK5202-2BB10- 2BA3): All versions
  • SCALANCE X202-2P IRT (6GK5202-2BH00- 2BA3): All versions
  • SCALANCE X202-2P IRT (6GK5202-2BH10- 2BA3): All versions
  • SCALANCE X202-2P IRT PRO (6GK5202-2JR00- 2BA6): All versions
  • SCALANCE X202-2P IRT PRO (6GK5202-2JR10- 2BA6): All versions
  • SCALANCE X204-2 (6GK5204-2BB10-2AA3): All versions
  • SCALANCE X204-2FM (6GK5204-2BB11- 2AA3): All versions
  • SCALANCE X204-2LD (6GK5204-2BC10- 2AA3): All versions
  • SCALANCE X204-2LD TS (6GK5204-2BC10- 2CA2): All versions
  • SCALANCE X204-2TS (6GK5204-2BB10- 2CA2): All versions
  • SCALANCE X204IRT (6GK5204-0BA00-2BA3): All versions
  • SCALANCE X204IRT (6GK5204-0BA10-2BA3): All versions
  • SCALANCE X204IRT PRO (6GK5204-0JA00- 2BA6): All versions
  • SCALANCE X204IRT PRO (6GK5204-0JA10- 2BA6): All versions
  • SCALANCE X206-1 (6GK5206-1BB10-2AA3): All versions
  • SCALANCE X206-1LD (6GK5206-1BC10- 2AA3): All versions
  • SCALANCE X208 (6GK5208-0BA10-2AA3): All versions
  • SCALANCE X208PRO (6GK5208-0HA10- 2AA6): All versions
  • SCALANCE X212-2 (6GK5212-2BB00-2AA3): All versions
  • SCALANCE X212-2LD (6GK5212-2BC00- 2AA3): All versions
  • SCALANCE X216 (6GK5216-0BA00-2AA3): All versions
  • SCALANCE X224 (6GK5224-0BA00-2AA3): All versions
  • SCALANCE X302-7 EEC (2x 24V) (6GK5302- 7GD00-2EA3): All versions
  • SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3): All versions
  • SCALANCE X302-7 EEC (2x 230V) (6GK5302- 7GD00-4EA3): All versions
  • SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3): All versions
  • SCALANCE X302-7 EEC (24V) (6GK5302- 7GD00-1EA3): All versions
  • SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3): All versions
  • SCALANCE X302-7 EEC (230V) (6GK5302- 7GD00-3EA3): All versions
  • SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3): All versions
  • SCALANCE X304-2FE (6GK5304-2BD00- 2AA3): All versions
  • SCALANCE X306-1LD FE (6GK5306-1BF00- 2AA3): All versions
  • SCALANCE X307-2 EEC (2x 24V) (6GK5307- 2FD00-2EA3): All versions
  • SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3): All versions
  • SCALANCE X307-2 EEC (2x 230V) (6GK5307- 2FD00-4EA3): All versions
  • SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3): All versions
  • SCALANCE X307-2 EEC (24V) (6GK5307- 2FD00-1EA3): All versions
  • SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3): All versions
  • SCALANCE X307-2 EEC (230V) (6GK5307- 2FD00-3EA3): All versions
  • SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3): All versions
  • SCALANCE X307-3 (6GK5307-3BL00-2AA3): All versions
  • SCALANCE X307-3 (6GK5307-3BL10-2AA3): All versions
  • SCALANCE X307-3LD (6GK5307-3BM00- 2AA3): All versions
  • SCALANCE X307-3LD (6GK5307-3BM10- 2AA3): All versions
  • SCALANCE X308-2 (6GK5308-2FL00-2AA3): All versions
  • SCALANCE X308-2 (6GK5308-2FL10-2AA3): All versions
  • SCALANCE X308-2LD (6GK5308-2FM00- 2AA3): All versions
  • SCALANCE X308-2LD (6GK5308-2FM10- 2AA3): All versions
  • SCALANCE X308-2LH (6GK5308-2FN00- 2AA3): All versions
  • SCALANCE X308-2LH (6GK5308-2FN10- 2AA3): All versions
  • SCALANCE X308-2LH+ (6GK5308-2FP00- 2AA3): All versions
  • SCALANCE X308-2LH+ (6GK5308-2FP10- 2AA3): All versions
  • SCALANCE X308-2M (6GK5308-2GG00-2AA2): All versions
  • SCALANCE X308-2M (6GK5308-2GG10-2AA2): All versions
  • SCALANCE X308-2M PoE (6GK5308-2QG00- 2AA2): All versions
  • SCALANCE X308-2M PoE (6GK5308-2QG10- 2AA2): All versions
  • SCALANCE X308-2M TS (6GK5308-2GG00- 2CA2): All versions
  • SCALANCE X308-2M TS (6GK5308-2GG10- 2CA2): All versions
  • SCALANCE X310 (6GK5310-0FA00-2AA3): All versions
  • SCALANCE X310 (6GK5310-0FA10-2AA3): All versions
  • SCALANCE X310FE (6GK5310-0BA00-2AA3): All versions
  • SCALANCE X310FE (6GK5310-0BA10-2AA3): All versions
  • SCALANCE X320-1 FE (6GK5320-1BD00- 2AA3): All versions
  • SCALANCE X320-1-2LD FE (6GK5320-3BF00- 2AA3): All versions
  • SCALANCE X408-2 (6GK5408-2FD00-2AA2): All versions
  • SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2): All versions
  • SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2): All versions
  • SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BD00-2TB2): All versions
  • SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00- 2AB2):
  • SCALANCE XB205-3LD (SC, PN) (6GK5205- 3BF00-2AB2): All versions
  • SCALANCE XB205-3LD (SC, E/IP) (6GK5205- 3BF00-2TB2): All versions
  • SCALANCE XB208 (PN) (6GK5208-0BA00- 2AB2): All versions
  • SCALANCE XB208 (E/IP) (6GK5208-0BA00- 2TB2): All versions
  • SCALANCE XB213-3 (SC, PN) (6GK5213- 3BD00-2AB2): All versions
  • SCALANCE XB213-3 (SC, E/IP) (6GK5213- 3BD00-2TB2): All versions
  • SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00- 2AB2): All versions
  • SCALANCE XB213-3 (ST, E/IP) (6GK5213- 3BB00-2TB2): All versions
  • SCALANCE XB213-3LD (SC, PN) (6GK5213- 3BF00-2AB2): All versions
  • SCALANCE XB213-3LD (SC, E/IP) (6GK5213- 3BF00-2TB2):  All versions
  • SCALANCE XB216 (PN) (6GK5216-0BA00- 2AB2): All versions
  • SCALANCE XB216 (E/IP) (6GK5216-0BA00- 2TB2): All versions
  • SCALANCE XB205-3 (SC) (6GK5205-3BD00- 2AB2): All versions
  • SCALANCE XB205-3 (SC) (6GK5205-3BD00- 2TB2): All versions
  • SCALANCE XB205-3 (ST/BFOC) (6GK5205- 3BB00-2AB2): All versions
  • SCALANCE XB205-3 (ST/BFOC) (6GK5205- 3BB00-2TB2): All versions
  • SCALANCE XB205-3LD (6GK5205-3BF00- 2AB2): All versions
  • SCALANCE XB205-3LD (6GK5205-3BF00- 2TB2): All versions
  • SCALANCE XB208 (6GK5208-0BA00-2AB2): All versions
  • SCALANCE XB208 (6GK5208-0BA00-2TB2): All versions
  • SCALANCE XB213-3 (SC) (6GK5213-3BD00- 2AB2): All versions
  • SCALANCE XB213-3 (SC) (6GK5213-3BD00- 2TB2): All versions
  • SCALANCE XB213-3 (ST/BFOC) (6GK5213- 3BB00-2AB2): All versions
  • SCALANCE XB213-3 (ST/BFOC) (6GK5213- 3BB00-2TB2): All versions
  • SCALANCE XB213-3LD (6GK5213-3BF00- 2AB2): All versions
  • SCALANCE XB213-3LD (6GK5213-3BF00- 2TB2): All versions
  • SCALANCE XB216 (6GK5216-0BA00-2AB2): All versions
  • SCALANCE XB216 (6GK5216-0BA00-2TB2): All versions
  • SCALANCE XC206-2 (SC) (6GK5206-2BD00- 2AC2): All versions
  • SCALANCE XC206-2 (ST/BFOC) (6GK5206- 2BB00-2AC2): All versions
  • SCALANCE XC206-2SFP (6GK5206-2BS00- 2AC2): All versions
  • SCALANCE XC206-2SFP EEC (6GK5206- 2BS00-2FC2): All versions
  • SCALANCE XC206-2SFP G (6GK5206-2GS00- 2AC2): All versions
  • SCALANCE XC206-2SFP G (6GK5206-2GS00- 2TC2): All versions
  • SCALANCE XC206-2SFP G EEC (6GK5206- 2GS00-2FC2): All versions
  • SCALANCE XC208 (6GK5208-0BA00-2AC2): All versions
  • SCALANCE XC208EEC (6GK5208-0BA00- 2FC2): All versions
  • SCALANCE XC208G (6GK5208-0GA00-2AC2): All versions
  • SCALANCE XC208G (6GK5208-0GA00-2TC2): All versions
  • SCALANCE XC208G EEC (6GK5208-0GA00- 2FC2): All versions
  • SCALANCE XC216 (6GK5216-0BA00-2AC2): All versions
  • SCALANCE XC216-4C (6GK5216-4BS00- 2AC2): All versions
  • SCALANCE XC216-4C G (6GK5216-4GS00- 2AC2): All versions
  • SCALANCE XC216-4C G (EIP Def.) (6GK5216- 4GS00-2TC2): All versions
  • SCALANCE XC216-4C G EEC (6GK5216- 4GS00-2FC2): All versions
  • SCALANCE XC216EEC (6GK5216-0BA00- 2FC2): All versions
  • SCALANCE XC224 (6GK5224-0BA00-2AC2): All versions
  • SCALANCE XC224-4C G (6GK5224-4GS00- 2AC2): All versions
  • SCALANCE XC224-4C G (EIP Def.) (6GK5224- 4GS00-2TC2): All versions
  • SCALANCE XC224-4C G EEC (6GK5224- 4GS00-2FC2): All versions
  • SCALANCE XF201-3P IRT (6GK5201-3JR00- 2BA6): All versions
  • SCALANCE XF202-2P IRT (6GK5202-2BH00- 2BD2): All versions
  • SCALANCE XF204 (6GK5204-0BA00-2AF2): All versions
  • SCALANCE XF204 (6GK5204-0BA00-2GF2): All versions
  • SCALANCE XF204 DNA (6GK5204-0BA00- 2YF2): All versions
  • SCALANCE XF204-2 (6GK5204-2BC00-2AF2): All versions
  • SCALANCE XF204-2BA (6GK5204-2AA00- 2GF2): All versions
  • SCALANCE XF204-2BA DNA (6GK5204-2AA00- 2YF2): All versions
  • SCALANCE XF204-2BA IRT (6GK5204-2AA00- 2BD2): All versions
  • SCALANCE XF204IRT (6GK5204-0BA00- 2BF2): All versions
  • SCALANCE XF204IRT (6GK5204-0BA10- 2BF2): All versions
  • SCALANCE XF206-1 (6GK5206-1BC00-2AF2): All versions
  • SCALANCE XF208 (6GK5208-0BA00-2AF2): All versions
  • SCALANCE XM408-4C (6GK5408-4GP00-2AM2): All versions prior to V6.5
  • SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2): All versions prior to V6.5
  • SCALANCE XM408-8C (6GK5408-8GS00-2AM2): All versions prior to V6.5
  • SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2): All versions prior to V6.5
  • SCALANCE XM416-4C (6GK5416-4GS00-2AM2): All versions prior to V6.5
  • SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2): All versions prior to V6.5
  • SCALANCE XP208 (6GK5208-0HA00-2AS6): All versions
  • SCALANCE XP208 (6GK5208-0HA00-2TS6): All versions
  • SCALANCE XP208EEC (6GK5208-0HA00- 2ES6): All versions
  • SCALANCE XP208PoE EEC (6GK5208-0UA00- 5ES6): All versions
  • SCALANCE XP216 (6GK5216-0HA00-2AS6): All versions
  • SCALANCE XP216 (6GK5216-0HA00-2TS6): All versions
  • SCALANCE XP216EEC (6GK5216-0HA00- 2ES6): All versions
  • SCALANCE XP216POE EEC (6GK5216-0UA00- 5ES6): All versions
  • SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2): All versions
  • SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2): All versions
  • SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2): All versions
  • SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2): All versions
  • SCALANCE XR324-4M EEC (2x 100-240VAC/60- 250VDC, ports on front) (6GK5324-4GG00- 4ER2): All versions
  • SCALANCE XR324-4M EEC (2x 100-240VAC/60- 250VDC, ports on front) (6GK5324-4GG10- 4ER2): All versions
  • SCALANCE XR324-4M EEC (2x 100-240VAC/60- 250VDC, ports on rear) (6GK5324-4GG00- 4JR2): All versions
  • SCALANCE XR324-4M EEC (2x 100-240VAC/60- 250VDC, ports on rear) (6GK5324-4GG10- 4JR2): All versions
  • SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2): All versions
  • SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2): All versions
  • SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2): All versions
  • SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2): All versions
  • SCALANCE XR324-4M EEC (100-240VAC/60- 250VDC, ports on front) (6GK5324-4GG00- 3ER2): All versions
  • SCALANCE XR324-4M EEC (100-240VAC/60- 250VDC, ports on front) (6GK5324-4GG10- 3ER2): All versions
  • SCALANCE XR324-4M EEC (100-240VAC/60- 250VDC, ports on rear) (6GK5324-4GG00- 3JR2): All versions
  • SCALANCE XR324-4M EEC (100-240VAC/60- 250VDC, ports on rear) (6GK5324-4GG10- 3JR2): All versions
  • SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2): All versions
  • SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2): All versions
  • SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2): All versions
  • SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2): All versions
  • SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2): All versions
  • SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2): All versions
  • SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2): All versions
  • SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2): All versions
  • SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2): All versions
  • SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2): All versions
  • SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2): All versions
  • SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2): All versions
  • SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2): All versions
  • SCALANCE XR324-12M TS (24V) (6GK5324- 0GG00-1CR2): All versions
  • SCALANCE XR324-12M TS (24V) (6GK5324- 0GG10-1CR2): All versions
  • SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3): All versions
  • SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3): All versions
  • SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00- 3AR3): All versions
  • SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00- 3RR3): All versions
  • SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3): All versions
  • SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (6GK5328-4FS00-2RR3): All versions
  • SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3): All versions
  • SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3): All versions
  • SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2): All versions prior to V6.5
  • SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2): All versions prior to V6.5
  • SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2): All versions prior to V6.5
  • SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2): All versions prior to V6.5
  • SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2): All versions prior to V6.5
  • SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2): All versions prior to V6.5
  • SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2): All versions prior to V6.5
  • SCALANCE XR528-6M (6GK5528-0AA00-2AR2): All versions prior to V6.5
  • SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2): All versions prior to V6.5
  • SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2): All versions prior to V6.5
  • SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2): All versions prior to V6.5
  • SCALANCE XR552-12M (6GK5552-0AA00-2AR2): All versions prior to V6.5
  • SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2): All versions prior to V6.5
  • SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2): All versions prior to V6.5
  • SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2): All versions prior to V6.5
  • Security Configuration Tool (SCT): All versions
  • SIMATIC Cloud Connect 7 CC712 (6GK1411- 1AC00): All versions prior to v1.9
  • SIMATIC Cloud Connect 7 CC716 (6GK1411- 5AC00): All versions prior to v1.9
  • SIMATIC CP 343-1 Advanced (6GK7343-1GX31- 0XE0): All versions
  • SIMATIC CP 443-1 Advanced (6GK7443-1GX30- 0XE0): All versions
  • SIMATIC CP 443-1 OPC UA (6GK7443-1UX00- 0XE0): All versions
  • SIMATIC CP 1242-7 V2 (6GK7242-7KX31- 0XE0): All versions
  • SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions
  • SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30- 0XE0): All versions
  • SIMATIC CP 1243-7 LTE US (6GK7243-7SX30- 0XE0): All versions
  • SIMATIC CP 1243-8 IRC (6GK7243-8RX30- 0XE0): All versions
  • SIMATIC CP 1542SP-1 (6GK7542-6UX00- 0XE0): All versions
  • SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): All versions
  • SIMATIC CP 1543SP-1 (6GK7543-6WX00- 0XE0): All versions
  • SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): All versions
  • SIMATIC CP 1626 (6GK1162-6AA01): All versions
  • SIMATIC CP 1628 (6GK1162-8AA00): All versions

--------- Begin Update E Part 1 of 8 ---------

  • SIMATIC Drive Controller family: All versions prior to v3.0.1

--------- End Update E Part 1 of 8 ---------

  • SIMATIC ET 200SP Open Controller (incl. SIPLUS variants): All versions

--------- Begin Update E Part 2 of 8 ---------

  • SIMATIC HMI Unified Comfort Panels: All versions prior to v18

--------- End Update E Part 2 of 8 ---------

  • SIMATIC Logon: All versions prior to v1.6 Upd6
  • SIMATIC MV540 H (6GF3540-0GE10): All versions prior to v3.3
  • SIMATIC MV540 S (6GF3540-0CD10): All versions prior to v3.3
  • SIMATIC MV550 H (6GF3550-0GE10): All versions prior to v3.3
  • SIMATIC MV550 S (6GF3550-0CD10): All versions prior to v3.3
  • SIMATIC MV560 U (6GF3560-0LE10): All versions prior to v3.3
  • SIMATIC MV560 X (6GF3560-0HE10): All versions prior to v3.3
  • SIMATIC NET PC Software v14: All versions
  • SIMATIC NET PC Software v15: All versions
  • SIMATIC NET PC Software v16: All versions prior to v16 Update 6
  • SIMATIC NET PC Software v17: All versions
  • SIMATIC PCS 7 TeleControl: All versions

--------- Begin Update E Part 3 of 8 ---------

  • SIMATIC PCS neo (Administration Console): All versions prior to v4.0

--------- End Update E Part 3 of 8 ---------

  • SIMATIC PDM: All versions prior to v9.2.2

--------- Begin Update E Part 4 of 8 ---------

  • SIMATIC Process Historian OPC UA Server: All versions prior to v2020 SP1 Upd1

--------- End Update E Part 4 of 8 ---------

  • SIMATIC RF166C (6GT2002-0EE20): All versions prior to v2.0.1
  • SIMATIC RF185C (6GT2002-0JE10): All versions prior to v2.0.1
  • SIMATIC RF186C (6GT2002-0JE20): All versions prior to v2.0.1
  • SIMATIC RF186CI (6GT2002-0JE50): All versions prior to v2.0.1
  • SIMATIC RF188C (6GT2002-0JE40): All versions prior to v2.0.1
  • SIMATIC RF188CI (6GT2002-0JE60): All versions prior to v.2.0.1
  • SIMATIC RF360R (6GT2801-5BA30): All versions prior to v2.0.1
  • SIMATIC RF610R (6GT2811-6BC10): All versions prior to v4.0.1
  • SIMATIC RF615R (6GT2811-6CC10): All versions prior to v4.0.1
  • SIMATIC RF650R (6GT2811-6AB20): All versions prior to v4.0.1
  • SIMATIC RF680R (6GT2811-6AA10): All versions prior to v4.0.1
  • SIMATIC RF685R (6GT2811-6CA10): All versions prior to v4.0.1

--------- Begin Update E Part 5 of 8 ---------

  • SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions prior to v4.6.0
  • SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions prior to v3.0.1

--------- End Update E Part 5 of 8 ---------

  • SIMATIC S7-1500 Software Controller (incl. F): All versions

--------- Begin Update E Part 6 of 8 ---------

  • SIMATIC S7-PLCSIM Advanced: All versions prior to v5.0

--------- End Update E Part 6 of 8 ---------

  • SIMATIC STEP 7 (TIA Portal): All versions
  • SIMATIC STEP 7 V5.X: All versions prior to v5.7 HF4
  • SIMATIC WinCC (TIA Portal): All versions
  • SIMATIC WinCC Unified (TIA Portal): All versions prior to V17 Update 5
  • SINAUT Software ST7sc: All versions
  • SINAUT ST7CC: All versions
  • SINEC INS: All versions prior to V1.0 SP2
  • SINEC NMS: All versions prior to V1.0.3
  • SINEC NMS: All versions
  • SINEMA Remote Connect Server: All versions prior to v3.1
  • SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions
  • SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions
  • SIPLUS NET CP 343-1 Advanced (6AG1343- 1GX31-4XE0): All versions
  • SIPLUS NET CP 443-1 Advanced (6AG1443- 1GX30-4XE0): All versions
  • SIPLUS NET CP 1242-7 v2 (6AG1242-7KX31- 7XE0): All versions
  • SIPLUS NET CP 1543-1 (6AG1543-1AX00- 2XE0): All versions
  • SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3): All versions
  • SIPLUS NET SCALANCE X308-2 (6AG1308- 2FL10-4AA3): All versions
  • SIPLUS NET SCALANCE XC206-2 (6AG1206- 2BB00-7AC2): All versions
  • SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2): All versions
  • SIPLUS NET SCALANCE XC208 (6AG1208- 0BA00-7AC2): All versions
  • SIPLUS NET SCALANCE XC216-4C (6AG1216- 4BS00-7AC2): All versions
  • SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30- 2AX0): All versions
  • SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243- 1BX30-1XE0): All versions
  • SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0): All versions
  • TeleControl Server Basic v3: All versions prior to v3.1.1

--------- Begin Update E Part 7 of 8 ---------

  • TIA Administrator: All versions prior to v1.0 SP8

--------- End Update E Part 7 of 8 ---------

  • TIA Portal Cloud: All versions
  • TIA Portal v15: All versions
  • TIA Portal v16: All versions

--------- Begin Update E Part 8 of 8 ---------

  • TIA Portal v17: All versions prior to v17 Update 5

--------- End Update E Part 8 of 8 ---------

  • TIM 1531 IRC (6GK7543-1MX00-0XE0): All versions

4.2 VULNERABILITY OVERVIEW

4.2.1    LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835

An attacker can trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters, which could result in a denial-of-service condition. Learn more about this vulnerability here.

CVE-2022-0778 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Multiple sectors
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

4.4 RESEARCHER

Siemens reported this vulnerability to CISA.

5. MITIGATIONS

Siemens has released updates for several affected products and recommends updating to the latest versions available. Siemens is preparing further updates and recommends countermeasures for products where updates are not yet available or will not be developed. Please see Siemens SSA-712929 to determine if there is an update available.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see Siemens Security Advisory SSA-712929

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.


Contact Information

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information:  https://us-cert.cisa.gov/ics 
or incident reporting:  https://us-cert.cisa.gov/report

CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.