France: Multiples Vulnerabilities Detected in Siemens Products

Siemens products face a significant security threat due to multiple vulnerabilities, warns a security bulletin released on September 12, 2023. The vulnerabilities pose various risks, including data confidentiality breaches, security policy bypass, remote denial of service attacks, remote code execution, and privilege escalation.

The affected systems include:

• JT2Go versions prior to 14.3.0.1
• PSS(R)CAPE versions 14.x prior to 14.2023-08-23
• PSS(R)CAPE versions 15.x prior to 15.0.22
• PSS(R)E versions 34.x prior to 34.9.6
• PSS(R)E V35 all versions
• PSS(R)ODMS V13.0 all versions
• PSS(R)ODMS versions 13.1.x prior to 13.1.12.1
• Parasolid versions 34.1.x prior to 34.1.258
• Parasolid versions 35.0.x prior to 35.0.253
• Parasolid versions 35.1.x prior to 35.1.184
• Parasolid versions 36.0.x prior to 36.0.142
• QMS Automotive versions prior to 12.39
• Various versions of RUGGEDCOM APE1808 devices
• SIMATIC Cloud Connect 7 CC712 and CC716 versions prior to 2.2
• Various SIMATIC Drive Controller and CPU 1500 series versions
• SIMATIC S7-1500 CPU series versions
• SIMATIC S7-1500 Software Controller V2 versions prior to 21.9.7
• SIMATIC WinCC OA versions 3.19.x prior to 3.19 P006
• SIMIT Simulation Platform all versions
• SIPLUS ET 200SP CPU and CPU RAIL versions
• SIPLUS S7-1500 CPU series versions
• Teamcenter Visualization versions 13.3.x, 14.1.x, 14.2.x, and 14.3.x

These vulnerabilities could potentially lead to severe consequences if exploited. Siemens has not released any patches or updates yet. Users are strongly advised to take precautionary measures and closely monitor Siemens’ official channels for security updates.

Please note that this news is based on information provided by CERT-FR and Siemens security bulletins. For more details and specific actions to mitigate these vulnerabilities, refer to the official Siemens security advisories.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0733/