![]() In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security and follow the recommendations in the product manuals.Ĭlick here for additional information on industrial security by Siemens.įor more information about this issue, click on Siemens Security Advisory SSA-158827. If remote connections are needed, limit remote access to Port 4410/TCP to trusted systems onlyĪs a general security measure, Siemens recommends users protect network access to devices with appropriate mechanisms. ![]() On the Automation License Manager settings menu disable “Allow Remote Connections”.Siemens has workarounds and mitigations users can apply to reduce the risk: Siemens recommends users apply the following updates to mitigate this vulnerability: Automation License Manager 6: Update to v6.0 SP9 Update 2 or later. This vulnerability has a high attack complexity. No known public exploits specifically target this vulnerability. The product sees use in multiple industrial sectors, and on a global basis. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. If remote connections are needed, limit remote access to Port 4410/TCP to trusted systems only. CVE-2021-25659 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.9. On the Automation License Manager settings menu disable Allow Remote Connections.
0 Comments
Leave a Reply. |