Serial number: AV24-643
Date: November 12, 2024
On November 12, 2024, Siemens published security advisories to address vulnerabilities in multiple products. Included were updates for the following:
- Mendix Runtime V8, V9, V10, V10.6 and V10.12 – multiple versions
- OZW671 and OZW772 – versions prior to V5.2
- RUGGEDCOM CROSSBOW Station Access Controller – versions prior to V5.6
- SCALANCE M-800 family – versions prior to V8.2
- SIMATIC CP 1543-1 V4.0 – versions prior to V4.0.50
- SIMATIC S7-PLCSIM V16 and V17 – all versions
- SINEC INS – versions prior to V1.0 SP2 Update 3
- SINEC NSM – versions prior to V3.0 SP1
- SIPORT – versions prior to V3.4.0
- Solid Edge Se2024 – versions prior to V224.0 Update 9
- Spectrum Power 7 – versions prior to V24Q3
- TeleControl Server Basic V3.1 – versions prior to V3.1.2.1
- Totally Integrated Automation Portal
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/control-systems-siemens-security-advisory-av24-643