-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products Publication Date: 2019-09-10 Last Update: 2023-04-11 Current Version: 3.1 CVSS v3.1 Base Score: 7.5 SUMMARY ======= Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available. AFFECTED PRODUCTS AND SOLUTION ============================== * RUGGEDCOM APE1404 Linux - Affected versions: All versions < Debian 9 Linux Image 2019-12-13 - Affected by vulnerabilities: - CVE-2019-11479 - Remediation: Apply the latest available Debian patches See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109773487 * RUGGEDCOM RM1224 family (6GK6108-4AM00) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * RUGGEDCOM ROX II - Affected versions: All versions < V2.13.3 - Affected by vulnerabilities: - CVE-2019-11479 - Remediation: Update to V2.13.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778537 * RUGGEDCOM RX1400 VPE Debian Linux - Affected versions: All versions < Debian 9 Linux Image 2019-12-13 - Affected by vulnerabilities: - CVE-2019-11479 - Remediation: Apply the latest available Debian patches in the VPE See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109773485 * RUGGEDCOM RX1400 VPE Linux CloudConnect - Affected versions: All versions < Debian 9 Linux Image 2019-12-13 - Affected by vulnerabilities: - CVE-2019-11479 - Remediation: Apply the latest available Debian patches in the VPE or apply the latest CloudConnect VPE Linux image See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109773486 * SCALANCE M804PB (6GK5804-0AP00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M874-2 (6GK5874-2AA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M874-3 (6GK5874-3AA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M875 - Affected versions: All versions - Remediation: Upgrade hardware to SCALANCE M876-4 or RUGGEDCOM RM1224 and apply patches when available, or follow recommendations from section Workarounds and Mitigations See further recommendations from section "Workarounds and Mitigations" * SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305 * SCALANCE S602 - Affected versions: All versions < V4.1 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V4.1 Upgrade hardware to successor product from SCALANCE SC-600 family ( https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations See further recommendations from section "Workarounds and Mitigations" - Download: Update is only available via Siemens Support contact * SCALANCE S612 - Affected versions: All versions < V4.1 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V4.1 Upgrade hardware to successor product from SCALANCE SC-600 family ( https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations See further recommendations from section "Workarounds and Mitigations" - Download: Update is only available via Siemens Support contact * SCALANCE S615 (6GK5615-0AA00-2AA2) - Affected versions: All versions < V6.2 - Remediation: Update to V6.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109778305/ * SCALANCE S623 - Affected versions: All versions < V4.1 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V4.1 Upgrade hardware to successor product from SCALANCE SC-600 family ( https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations See further recommendations from section "Workarounds and Mitigations" - Download: Update is only available via Siemens Support contact * SCALANCE S627-2M - Affected versions: All versions < V4.1 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V4.1 Upgrade hardware to successor product from SCALANCE SC-600 family ( https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations See further recommendations from section "Workarounds and Mitigations" - Download: Update is only available via Siemens Support Contact * SCALANCE SC622-2C (6GK5622-2GS00-2AC2) - Affected versions: All version < V2.0.1 - Remediation: Update to V2.0.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769665 * SCALANCE SC632-2C (6GK5632-2GS00-2AC2) - Affected versions: All version < V2.0.1 - Remediation: Update to V2.0.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769665 * SCALANCE SC636-2C (6GK5636-2GS00-2AC2) - Affected versions: All version < V2.0.1 - Remediation: Update to V2.0.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769665 * SCALANCE SC642-2C (6GK5642-2GS00-2AC2) - Affected versions: All version < V2.0.1 - Remediation: Update to V2.0.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769665 * SCALANCE SC646-2C (6GK5646-2GS00-2AC2) - Affected versions: All version < V2.0.1 - Remediation: Update to V2.0.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769665 * SCALANCE W1750D - Affected versions: All versions < V8.6.0 - Remediation: Update to V8.6.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109778052 * SCALANCE W-700 IEEE 802.11n family - Affected versions: All versions < V6.4 - Remediation: Update to V6.4 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109773308 * SCALANCE W-1700 IEEE 802.11ac family - Affected versions: All versions < V2.0 - Remediation: Update to V2.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109773734 * SCALANCE WLC711 - Affected versions: All versions - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SCALANCE WLC712 - Affected versions: All versions - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) - Affected versions: All versions < V1.1.5 - Remediation: Update to V1.1.5 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109769636 * SIMATIC CM 1542-1 - Affected versions: All versions < 3.0 - Remediation: Update to V3.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109801629/ * SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SIMATIC CP 442-1 RNA (6GK7442-1RX00-0XE0) - Affected versions: All versions < V1.5.18 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V1.5.18 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808794 * SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) - Affected versions: All versions < V3.3 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V3.3 or later version See recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109817938/ * SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) - Affected versions: All versions < V3.3 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V3.3 or later version See recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109817938/ * SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) - Affected versions: All versions < V3.3 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V3.3 or later version See recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109817938/ * SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SIMATIC CP 443-1 RNA (6GK7443-1RX00-0XE0) - Affected versions: All versions < V1.5.18 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V1.5.18 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808796 * SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109774207/ * SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109774207/ * SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) - Affected versions: All versions < V2.2 - Remediation: Update to V2.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109775642 * SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109774207/ * SIMATIC CP 1623 (6GK1162-3AA00) - Affected versions: All versions < V14.00.15.00_51.25.00.01 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: The updated firmware is contained in SIMATIC NET PC Software V14 Update 14 or later version or SIMATIC NET PC Software V16 Update 5 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109804739 * SIMATIC CP 1628 (6GK1162-8AA00) - Affected versions: All versions < V17.0 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V17.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109798403 * SIMATIC ITC1500 - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC ITC1500 PRO - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC ITC1900 - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC ITC1900 PRO - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC ITC2200 - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC ITC2200 PRO - Affected versions: All versions < V3.1.1.0 - Remediation: Update to V3.1.1.0 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109783768 * SIMATIC MV540 H (6GF3540-0GE10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC MV540 S (6GF3540-0CD10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC MV550 H (6GF3550-0GE10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC MV550 S (6GF3550-0CD10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC MV560 U (6GF3560-0LE10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC MV560 X (6GF3560-0HE10) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781769 * SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) - Affected versions: All versions < V4.0 - Remediation: Update to V4.0 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361 * SIMATIC RF185C (6GT2002-0JE10) - Affected versions: All versions < V1.3 - Remediation: Update to V1.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781665 * SIMATIC RF186C (6GT2002-0JE20) - Affected versions: All versions < V1.3 - Remediation: Update to V1.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781665 * SIMATIC RF186CI (6GT2002-0JE50) - Affected versions: All versions < V1.3 - Remediation: Update to V1.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781665 * SIMATIC RF188C (6GT2002-0JE40) - Affected versions: All versions < V1.3 - Remediation: Update to V1.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781665 * SIMATIC RF188CI (6GT2002-0JE60) - Affected versions: All versions < V1.3 - Remediation: Update to V1.3 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109781665 * SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant) - Affected versions: All versions < V2.8.4 - Remediation: Update to V2.8.4 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109761490 * SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0) - Affected versions: All versions < V2.8.4 - Remediation: Update to V2.8.4 See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109761495 * SIMATIC Teleservice Adapter IE Advanced - Affected versions: All versions - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SIMATIC Teleservice Adapter IE Basic - Affected versions: All versions - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * SINEMA Remote Connect Server - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109777247 * SINUMERIK 808D - Affected versions: All versions < V4.92 - Remediation: Update to V4.92 or later version See further recommendations from section "Workarounds and Mitigations" - Download: The update can be obtained from your Siemens representative or via Siemens customer service. * SINUMERIK 828D - Affected versions: All versions < V4.8 SP5 - Remediation: Update to V4.8 SP5 or later version See further recommendations from section "Workarounds and Mitigations" - Download: The update can be obtained from your Siemens representative or via Siemens customer service. * SINUMERIK 840D sl - Affected versions: All versions < V4.8 SP5 - Remediation: Update to V4.8 SP5 or later version See further recommendations from section "Workarounds and Mitigations" - Download: The update can be obtained from your Siemens representative or via Siemens customer service. * SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109774207/ * SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109774207/ * SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) - Affected versions: All versions < V3.3 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V3.3 or later version See recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109817938/ * SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) - Affected versions: All versions < V3.3 - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Update to V3.3 or later version See recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109817938/ * SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) - Affected versions: All versions < V2.2 - Remediation: Update to V2.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109775642 * SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) - Affected versions: All versions < V3.2 - Remediation: Update to V3.2 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/document/109775640 * SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109774204 * TIM 3V-IE (incl. SIPLUS NET variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * TIM 3V-IE Advanced (incl. SIPLUS NET variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * TIM 3V-IE DNP3 (incl. SIPLUS NET variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * TIM 4R-IE (incl. SIPLUS NET variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * TIM 4R-IE DNP3 (incl. SIPLUS NET variants) - Affected versions: All versions - Affected by vulnerabilities: - CVE-2019-8460 - Remediation: Currently no fix is planned See recommendations from section "Workarounds and Mitigations" * TIM 1531 IRC (6GK7543-1MX00-0XE0) - Affected versions: All versions < V2.1 - Remediation: Update to V2.1 or later version See further recommendations from section "Workarounds and Mitigations" - Download: https://support.industry.siemens.com/cs/ww/en/view/109774204 WORKAROUNDS AND MITIGATIONS =========================== Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk: * Restrict network access to affected devices * Apply Defense-in-Depth * For SIMATIC Teleservice Adapters (IE Basic, IE Advanced): migrate to a successor product within the SCALANCE M-800 family. For details refer to the notice of discontinuation. Product-specific remediations or mitigations can be found in the section "Affected Products and Solution". Please follow the "General Security Recommendations". GENERAL SECURITY RECOMMENDATIONS ================================ As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial- security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity PRODUCT DESCRIPTION =================== Siemens CloudConnect is used to connect all kinds of plants with the cloud. SIMATIC RF600 Readers are used for the contactless identification of every kind of object, e.g. transport containers, pallets, production goods, or it can be generally used for recording goods in bulk. ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. RUGGEDCOM APE serves as an utility-grade computing platform for the RUGGEDCOM RX1500 router family. It also allows to run third party software applications without needing to procure an external industrial PC. As the virtual machine environment for the RUGGEDCOM RX1400, the RUGGEDCOM VPE1400 is ideally suited for harsh environments, such as those found in electric power, transportation, defense systems and oil and gas industries. SCALANCE M-800, MUM-800 and S615 as well as the RUGGEDCOM RM1224 are industrial routers. SCALANCE S-600 devices (S602, S612, S623, S627-2M) are used to protect trusted industrial networks from untrusted networks. The S-600 devices are superseded by the SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C), or the SCALANCE S615. SCALANCE SC-600 devices (SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted networks. They allow filtering incoming and outgoing network connections in different ways. SCALANCE W products are wireless communication devices used to connect industrial components, like Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), according to the IEEE 802.11 standard (802.11ac, 802.11a/b/g/h, and/or 802.11n). SCALANCE W1750D is an Access Point that supports IEEE 802.11ac standards for high-performance WLAN, and is equipped with two dual-band radios, which can provide access and monitor the network simultaneously. SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect SIMATIC S7-1200 controllers to Wide Area Networks (WAN). They provide integrated security functions such as firewall, Virtual Private Networks (VPN) and support of other protocols with data encryption. SIMATIC CP 1243-8 IRC communications processors connect SIMATIC S7-1200 controllers via the SINAUT ST7 telecontrol protocol to a control center or master ST7 stations. The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processor connects the S7-1500 controller to Ethernet networks. It provides integrated security functions such as firewall, Virtual Private Networks (VPN) and support of other protocols with data encryption. The communication processor protects S7-1500 stations against unauthorized access, as well as integrity and confidentiality of transmitted data. SIMATIC CP 1243-1 communications processors connect S7-1200 controllers to Ethernet networks. They provide integrated security functions such as firewall, Virtual Private Networks (VPN) and support of other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the S7-1500 controller to Ethernet networks. It provides integrated security functions such as firewall, Virtual Private Networks (VPN) and support of other protocols with data encryption. SIMATIC CP 343-1 and CP 443-1 are communication processors (CP) designed to enable Ethernet communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC ITC Industrial Thin Clients represent powerful control terminals with high-resolution wide-screen touch displays in 12, 15, 19 and 22 inch formats. SIMATIC MV500 products are stationary optical readers, used to reliably capture printed, lasered, drilled, punched and dotpeen codes on a variety of different surfaces. SIMATIC RF185C, RF186C/CI, and RF188C/CI are communication modules for direct connection of SIMATIC identification systems to PROFINET IO/Ethernet and OPC UA. The SIMATIC S7-1500 MFP CPUs provide functionality of standard S7-1500 CPUs with the possibility to run C/C++ Code within the CPU-Runtime for execution of own functions / algorithms implemented in C/C++ and an additional second independent runtime environment to execute C/C++ applications parallel to the STEP 7 program if required. SIMATIC Teleservice adapters allow for remote maintenance of automation systems via phone or internet. The adapters are superseded by the SCALANCE M product family. SINEMA Remote Connect is a management platform for remote networks that enables the simple management of tunnel connections (VPN) between headquarters, service technicians, and installed machines or plants. It provides both the Remote Connect Server, which is the server application, and the Remote Connect Client, which is an OpenVPN client for optimal connection to SINEMA Remote Connect Server. SINUMERIK CNC offers automation solutions for the shop floor, job shops and large serial production environments. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 with SINAUT ST7, DNP3 and IEC 60870-5-101/104 with three RJ45 interfaces for communication via IP-based networks (WAN / LAN) and a RS 232/RS 485 interface for communication via classic WAN networks. The TIM 3V-IE is a SINAUT ST7 communications module for the SIMATIC S7-300 with an RS232 interface for SINAUT communication via a classic WAN and an RJ45 interface for SINAUT communication via an IP-based network (WAN or LAN). TIM 3V-IE advanced communication module for SIMATIC S7-300 with an RS232 interface for SINAUT communication via a classic WAN and an RJ45 interface for SINAUT communication via an IP-based network (WAN or LAN). The TIM 4R-IE is a SINAUT ST7 communications module for the SIMATIC S7-300 with an RS232 interface for SINAUT communication via a classic WAN and an RJ45 interface for SINAUT communication via an IP-based network (WAN or LAN). The TIM 4R-IE DNP3 communication module for SIMATIC S7-300 with an RS232 interface for DNP3 communication via a classic WAN and an RJ45 interface for DNP3 communication via a IP-based network (WAN or LAN). VULNERABILITY CLASSIFICATION ============================ The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring. An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/. * Vulnerability CVE-2019-8460 OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. CVSS v3.1 Base Score: 7.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C CWE: CWE-1049: Excessive Data Query Operations in a Large Data Table * Vulnerability CVE-2019-11477 The kernel used in some products is affected by an integer overflow when handling TCP Selective Acknowledgements. A remote attacker could use this to cause a denial of service. CVSS v3.1 Base Score: 7.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C CWE: CWE-190: Integer Overflow or Wraparound * Vulnerability CVE-2019-11478 A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment (SACK) sequences to affected products. CVSS v3.1 Base Score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C CWE: CWE-400: Uncontrolled Resource Consumption * Vulnerability CVE-2019-11479 An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP Selective Acknowledgements (SACK). CVSS v3.1 Base Score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C CWE: CWE-400: Uncontrolled Resource Consumption ACKNOWLEDGMENTS =============== Siemens thanks the following party for its efforts: * Artem Zinenko from Kaspersky for pointing out that SIPLUS should also be mentioned ADDITIONAL INFORMATION ====================== For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories HISTORY DATA ============ V1.0 (2019-09-10): Publication Date V1.1 (2019-10-08): Added solution for SINUMERIK 840D sl, SINUMERIK 828D, SINUMERIK 808D V1.2 (2019-11-12): Added solution for SIMATIC MV500. Removed SIMATIC RF166C from affected products V1.3 (2019-12-10): Added solution for SCALANCE W700. SIPLUS devices now explicitly mentioned in the list of affected products V1.4 (2020-02-11): Added solution for TIM 1531 IRC, for SIMATIC NET CP 1242-7, CP 1243-7 LTE (EU and US versions), CP 1243-1, CP 1243-8 IRC, CP 1543-1, CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1 and for SCALANCE W1700. Added products RUGGEDCOM APE1404 and RUGGEDCOM RX1400. Information regarding SINEMA Remote Connect Server corrected V1.5 (2020-03-10): Added solution for SINEMA Remote Connect Server, SCALANCE M-800 / S615 and RUGGEDCOM RM1224. Added products SIMATIC NET CP 1623 and CP 1628. Information regarding SIMATIC MV500 corrected V1.6 (2020-04-14): Added solution for ROX II V1.7 (2020-06-09): Added products SIMATIC NET CP 443-1 OPC UA, CP 443-1 RNA, CP 442-1 RNA, CP 443-1, CP 443-1 Advanced and CP 343-1 Advanced. Included additional information to CP 1623 and CP 1628 regarding affected CVE. Added CVE-2019-8460 - affected products are identified accordingly. V1.8 (2020-08-11): Informed about successor product for SIMATIC Teleservice adapters V1.9 (2020-09-08): Added solution for SIMATIC RF18xC/CI V2.0 (2020-10-13): Added solution for SIMATIC MV500 and SCALANCE W1750D V2.1 (2020-12-08): Added solution for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V2.2 (2021-04-13): Added affected products SCALANCE S602, SCALANCE S612, SCALANCE S623, and SCALANCE S627-2M and added solution for SIMATIC ITC1500 (PRO), SIMATIC ITC1900 (PRO), and SIMATIC ITC2200 (PRO) V2.3 (2021-05-11): Added affected products TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE and TIM 4R-IE DNP3 V2.4 (2021-07-13): Added solution for SIMATIC NET CP 1623 and SIMATIC NET CP 1628 V2.5 (2021-09-14): Added solution for SIMATIC NET CM 1542-1 V2.6 (2022-02-08): Updated solution for SIMATIC CP 1623; Clarified that currently no remediation is planned for SIMATIC CP 442-1 RNA, SIMATIC CP 443-1 RNA, TIM 3V-IE and TIM 4R-IE devices V2.7 (2022-03-08): Readded SCALANCE S615 to the list of affected products V2.8 (2022-04-12): Updated remediation for SIMATIC CP 1623; Added solution for SIMATIC RF600R family and clarified list of affected devices V2.9 (2022-05-10): Added solution for SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA V3.0 (2022-06-14): No fix planned for SIMATIC NET CP 443-1 V3.1 (2023-04-11): Added fix for SIMATIC CP 443-1 and CP 443-1 Advanced TERMS OF USE ============ Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use. Copyright: Siemens 2023 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmQ0owAACgkQlm7gTEmy ujSADBAAqHmzZgCWDWAORVvXLNgOYeee24pRErhJPoXdKC8QfZTwPg7/Se+gi0Gi LIqUJLtKnxbsfy2YBv6SstlPO/CPcm8u5f1h7B2YWPhqtaQ8jt1ryZHgvP6OGlpc d2etAlDw77WoW9rHYHiinQT7meFOcInrzEVUbNMtl7FelsfdeP8BYtsfeIx4J23p JD+ixXIEZuFG75V9cTU9MVe/vIJwOvH/h6ryCp176LH5dcbTxtwDqmk5XVQxf3WL mlrl6EtednbCFtShrl4gubIB4J0NOuk5EMP/W/bo36DtxJy7iXtDgQx8sS0w1dT1 SkqkCCm1gZ9kA00z+stBUeCsiXBHjYfpV8Ebt9jl1JfcdinBntlsOotGw1SxpqZX /Kv5ha6rFu34vmtdWh26cMjIoiH+7g0T6oZ2JAu+rWhAolGLGh/PGrRLWBoroMHv h7XEosYIuRoM5J9s7vOeFl6OtGdwuLKWXRm4f5WuiMfFkKe8bMpp46ixFAVhu44I J5hfqXqdlV+9mQ9l/noqscSgvH3eGflgqUi5y342o7SpBgfM0qW3k3ZXNqwbWy+P qD3ceN4w9Do60YXclu00M3fKhe96I1+HWWsELoOet4QOJW39GBaUTL10Z1OXjnay iwTItb2AcucnfuZ0NwWHCLKDQkAFvK17L5RMd6121IsqayOs8Ag= =j+Gv -----END PGP SIGNATURE-----