[Control systems] Siemens security advisory (AV24-328)

From: Canadian Centre for Cyber Security

Serial number: AV24-328
Date: June 11, 2024

On June 11, 2024, Siemens published security advisories to address vulnerabilities in the following products:

  • CPCX26 Central Processing/Communication – versions prior to V06.02
  • ETA4 Ethernet Interface IEC60870-5-104 – versions prior to V10.46
  • ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 – versions prior to V03.27
  • JT2Go – versions prior to V2312.0004
  • Mendix Applications using Mendix 10 – versions prior to V10.11.0
  • Mendix Applications using Mendix 10 (V10.6) – versions prior to V10.6.9
  • Mendix Applications using Mendix 9 – versions V9.3.0 to versions prior to V9.24.22
  • PCCX26 Ax 1703 PE, Contr, Communication Element – versions prior to V06.05
  • PowerSys – versions prior to V3.11
  • SCALANCE W700 802.11 AX Family – multiple versions and platforms
  • SCALANCE XM-400/XR-500 – versions prior to V6.6.1 and multiple platforms
  • SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) – versions prior to V2.3
  • SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) – versions prior to V2.3
  • SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) – versions prior to V2.3
  • SIMATIC S7-200 SMART CPU – multiple versions and platforms
  • SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) – versions prior to V1.2
  • SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) – versions prior to V2.3
  • SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) – versions prior to V2.3
  • SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) – versions prior to V2.3
  • SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) – versions prior to V2.4.8
  • SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0) – versions prior to V2.5.4
  • SITOP UPS1600 20 A Ethernet/ PROFINET (6EP4136-3AB00-2AY0) – versions prior to V2.5.4
  • SITOP UPS1600 40 A Ethernet/ PROFINET (6EP4137-3AB00-2AY0) – versions prior to V2.5.4
  • SITOP UPS1600 EX 20 A Ethernet PROFINET (6EP4136-3AC00-2AY0) – versions prior to V2.5.4
  • ST7 ScadaConnect (6NH7997-5DA10-0AA0) – versions prior to V1.1
  • Teamcenter Visualization V14.2 – all versions
  • Teamcenter Visualization V14.3 – versions prior to V14.3.0.9
  • Teamcenter Visualization V2312 – versions prior to V2312.0004
  • Tecnomatix Plant Simulation V2302 – versions prior to V2302.0012
  • Tecnomatix Plant Simulation V2404 – versions prior to V2404.0001
  • TIA Administrator – versions prior to V3 SP2
  • TIM 1531 IRC (6GK7543-1MX00-0XE0) – versions prior to V2.4.8

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: