The current geopolitical situation has created increased cybersecurity risks across all industrial sectors. This challenging environment also impacts the operational technology (OT) landscape, where we observe an intensification of threat activities.
On 2025-06-30, CISA, FBI, DC3 and NSA published a joint advisory about an increased threat level for critical infrastructure and industrial control systems [0]. As of 2026-04-07, a new advisory was published, which now additionally flags Siemens S7 PLCs as potentially targeted [1]. At this point in time, we have not observed any exploitation of vulnerabilities in Siemens ICS products.
Given these developments, Siemens strongly recommends customers to review and implement the necessary measures to protect their infrastructure.
Keep the devices and systems updated to the latest version to limit the attack vectors that might exploit known vulnerabilities.
Disconnect or remove any devices from networks with inadequate security level (internet, unmaintained internal networks, inadequate physically secured environments etc.) or install additional protection measures (e.g. firewalls).
Use strong, unique passwords; do not use default password; use long enough and complex passwords.
Follow the Siemens Operational Guidelines for Industrial Security [2].
Siemens will continue to monitor the situation and will share any relevant updates for our customers via the Siemens ProductCERT News Website [3].
Subscribe to our mailing list [4] to get notified on the latest updates on Siemens devices.
[0] CISA.GOV Fact sheet [1] CISA.GOV AA26-097A [2] Siemens Operational Guidelines [3] Siemens ProductCERT News [4] Siemens ProductCERT Mailing List