[Control systems] Siemens security advisory (AV24-385)

Serial number: AV24-385
Date: July 11, 2024

On July 9, 2024, Siemens published security advisories to address vulnerabilities in the following products:

  • JT Open – versions prior to V11.5
  • JT2Go – versions prior to V14.3.0.8
  • Mendix Encryption – versions V10.0.0 and V10.0.1
  • JT Open – versions prior to V11.5
  • PLM XML SDK – versions prior to V7.1.0.014
  • RUGGEDCOM APE1808 (configured with Palo Alto Networks Virtual NGFW) – all versions
  • RUGGEDCOM APE1808 (configured with Fortigate NGFW) – all versions
  • RUGGEDCOM CROSSBOW – all versions
  • RUGGEDCOM ROS V4.x, V5.x and II Families – multiple versions
  • SCALANCE Family Devices – multiple versions and platforms
  • SIMATIC Energy Manager Basic – versions prior to V7.5
  • SIMATIC Energy Manager PRO – versions prior to V7.5
  • SIMATIC IPC DiagBase – all versions
  • SIMATIC IPC DiagMonitor – all versions
  • SIMATIC WinCC Runtime Professional V19 – versions prior to V19 Update 1
  • SIMATIC WinCC Runtime Professional V18 – all versions
  • SIMATIC WinCC V7.4 – versions prior to V7.4 SP1 Update 23
  • SIMATIC WinCC V7.5 – versions prior to V7.5 SP2 Update 16
  • SIMATIC WinCC V8.0 – versions prior to V8.0 Update 5
  • Simcenter Femap – versions prior to V2406
  • SIMIT V10 – all versions
  • SIMIT V11 – all versions
  • SINEC INS (with RADIUS Server feature enabled) – all versions
  • SINEMA Remote Connect Server – versions prior to V3.2 SP1
  • SINEMA Remote Connect Client – versions prior to V3.2 HF1
  • SIPROTEC 5 CPxxx Devices – multiple versions and platforms
  • SIPROTEC 5 Communication Modules – multiple versions and platforms
  • Teamcenter Visualization V14.1 – versions prior to V14.1.0.14
  • Teamcenter Visualization V14.2 – versions prior to V14.2.0.10
  • Teamcenter Visualization V14.3 – versions prior to V14.3.0.8
  • Teamcenter Visualization V2312 – versions prior to V2312.0002
  • Totally Integrated Automation Portal (TIA Portal) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

Date modified: