Rewterz Threat Advisory – CVE-2019-0275 SAP NetWeaver Java AS Cross Site Scripting Vulnerability
March 13, 2019Rewterz Threat Alert – Citrix Network Breached
March 14, 2019Rewterz Threat Advisory – CVE-2019-0275 SAP NetWeaver Java AS Cross Site Scripting Vulnerability
March 13, 2019Rewterz Threat Alert – Citrix Network Breached
March 14, 2019Severity
Medium
Analysis Summary
Specially crafted messages sent to the RPC service of the affected products could cause a denial-of-service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality.
Impact
Denial of service
Affected Products
Siemens
SIMATIC PCS 7
SIMATIC WinCC
SIMATIC WinCC Runtime Professional
SIMATIC NET PC Software
Remediation
Siemens has released updates for several affected products and recommends users update to the new version.
- OpenPCS 7 v8.1: Update to OpenPCS 7 v8.1 Upd 5
https://support.industry.siemens.com/cs/ww/en/view/109761055
- SIMATIC BATCH v8.0: Install SIMATIC Batch v8.0 SP1 Upd21:
https://support.industry.siemens.com/cs/ww/en/view/109756847
- SIMATIC BATCH v8.1: Install SIMATIC Batch v8.1 SP1 Upd16:
https://support.industry.siemens.com/cs/ww/en/view/109756846
- SIMATIC BATCH v8.2: Update to SIMATIC Batch v8.2 Upd10:
https://support.industry.siemens.com/cs/ww/en/view/109757796
- SIMATIC NET PC-Software: Update to v15 SP1
https://support.industry.siemens.com/cs/ww/de/view/109762690
- SIMATIC PCS 7 v8.2: Install v8.2 SP1:
To obtain SIMATIC PCS 7 v8.2 SP1 contact local support.
- SIMATIC PCS 7 v9.0: Install v9.0 SP1:
To obtain SIMATIC PCS 7 v9.0 SP1 contact local support.
- SIMATIC Route Control v8.2:
To obtain SIMATIC PCS 7 v8.2 SP1 contact local support.
- SIMATIC WinCC Runtime Professional v13: Update to v13 SP2 Upd2
https://support.industry.siemens.com/cs/ww/en/view/109759753
- SIMATIC WinCC Runtime Professional v14: Update to v14 SP1 Upd5:
https://support.industry.siemens.com/cs/ww/en/view/109747394
SIMATIC WinCC v7.2 and earlier: Update to WinCC 7.2 Upd15:
https://support.industry.siemens.com/cs/ww/de/view/109762887
- SIMATIC WinCC v7.3: Update to WinCC 7.3 Upd16:
https://support.industry.siemens.com/cs/ww/en/view/109756123
- SIMATIC WinCC v7.4: Update to v7.4 SP1 Upd9
https://support.industry.siemens.com/cs/ww/de/view/109762790