Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Vulnerabilities have been discovered in a range of Siemens PLCs that may lead to a full compromise of the PLCs affected. In the bulletins SSA-568427 and SSB-898115, Siemens recommends updating PLCs to a current firmware version, migrating the programming to TIA17 and reinitialize the PLC with the updated program. A setting "Only allow secure PG/PC and HMI communication" is enabled by default in TIA17, that is required further, to fully mitigate the risk. With the option enabled, also TLS is used for the communication.

When the setting "Only allow secure PG/PC and HMI communication" is enabled, communication with the PLC using e.g. the S7TCP32 driver or the S7TIA driver in zenon, is no longer possible. For TIA17 projects, it was already necessary to disable this option to allow communication. COPA-DATA follows Siemens' recommendations to use legacy (i.e., not TLS-based) PG/PC and HMI communication only in trusted network environments.

CSW-Nr. 2022-266796-1112

SSA-568427

SSB-898115

CVE-2022-38465

Related Articles
CD_SVA_2023_2: security vulnerabilities in the zenon platform
A report has been received for the following security vulnerabilities in the zenon software platform: CVE-2023-3321 CVE-2023-3323 CVE-2023-3324 Further details regarding the vulnerabilities, mitigation options and product fixes that may be available, ...
FAQ: Are products in the zenon product family affected by vulnerabilities, labelled Ripple20?
The vulnerabilities labelled Ripple20 exist in a TCP/IP stack of a specific vendor typically found on embedded devices. COTS products within the zenon product family make use of the standard TCP/IP stack provided by the operating system and are ...
FAQ: Are products in the zenon product family affected by vulnerabilities, labeled INFRA:HALT?
The vulnerabilities labelled INFRA:HALT exist in a TCP/IP stack of a specific vendor typically found on embedded devices (InterNiche stack (NicheStack) and NicheLite). COTS products within the zenon product family make use of the standard TCP/IP ...
FAQ: Are products in the zenon product family affected by vulnerabilities, labelled AMNESIA:33?
The vulnerabilities labelled AMNESIA:33 exist in a number of open source TCP/IP stacks and forks of these stacks, typically found on embedded devices. COTS products within the zenon product family make use of the standard TCP/IP stack provided by the ...
SICAM230 Conversion wizard: Siemens IEC61850 driver(s) cannot be converted
Description When converting a SICAM® 230 project to a zenon project using the SICAM® Conversion Wizard, the Siemens IEC61850 driver is not converted correctly. No driver connections are created. Variables are not linked to the new IEC850 driver ...

Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Is zenon affected by the vulnerabilities in Siemens S7 PLCs?

Related Articles

CD_SVA_2023_2: security vulnerabilities in the zenon platform

FAQ: Are products in the zenon product family affected by vulnerabilities, labelled Ripple20?

FAQ: Are products in the zenon product family affected by vulnerabilities, labeled INFRA:HALT?

FAQ: Are products in the zenon product family affected by vulnerabilities, labelled AMNESIA:33?

SICAM230 Conversion wizard: Siemens IEC61850 driver(s) cannot be converted