Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Vulnerabilities have been discovered in a range of Siemens PLCs that may lead to a full compromise of the PLCs affected. In the bulletins SSA-568427 and SSB-898115, Siemens recommends updating PLCs to a current firmware version, migrating the programming to TIA17 and reinitialize the PLC with the updated program. A setting "Only allow secure PG/PC and HMI communication" is enabled by default in TIA17, that is required further, to fully mitigate the risk. With the option enabled, also TLS is used for the communication.

When the setting "Only allow secure PG/PC and HMI communication" is enabled, communication with the PLC using e.g. the S7TCP32 driver or the S7TIA driver in zenon, is no longer possible. For TIA17 projects, it was already necessary to disable this option to allow communication. COPA-DATA follows Siemens' recommendations to use legacy (i.e., not TLS-based) PG/PC and HMI communication only in trusted network environments.

CSW-Nr. 2022-266796-1112
SSA-568427
SSB-898115
CVE-2022-38465