Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Vulnerabilities have been discovered in a range of Siemens PLCs that may lead to a full compromise of the affected PLCs. In the bulletins SSA-568427 and SSB-898115, Siemens recommends updating PLCs to a current firmware version, migrating the programming to TIA17, and reinitializing the PLC with the updated program. The setting "Only allow secure PG/PC and HMI communication", which is enabled by default in TIA17, is additionally required to fully mitigate the risk. With this option enabled, TLS is also used for the communication.

When the setting "Only allow secure PG/PC and HMI communication" is enabled, communication with the PLC using, for example, the S7TCP32 driver or the S7TIA driver in zenon is no longer possible. For TIA17 projects, it was already necessary to disable this option to allow communication. COPA-DATA follows Siemens' recommendation to use legacy (i.e., not TLS-based) PG/PC and HMI communication only in trusted network environments.

CSW-Nr. 2022-266796-1112
SSA-568427
SSB-898115
CVE-2022-38465