Security Experts:

Connect with us

Hi, what are you looking for?



Siemens Patching Industrial Products Affected by Heartbleed

Siemens has updates available for two of its products affected by the Heartbleed vulnerability.

Siemens has updates available for two of its products affected by the Heartbleed vulnerability.

So far, Siemens has released updates for its eLAN and WinCC OA software. According to the company, the following products are also affected, but have not yet been patched:

  • S7-1500 V1.5 (affected when HTTPS active)
  • CP1543-1 V1.1 (affected when FTPS active)
  • APE 2.0 (affected when SSL/TLS component is used in customer implementation).

“Siemens is working on updates for the affected products and recommends specific countermeasures until fixes are available,” the company said in an advisory April 25.

In an advisory from the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Readiness Team (ICS-CERT), it was noted that a successful exploit of the affected products by an attacker with network access would allow the attacker to read sensitive data such as private keys and user credentials from the process memory.

“Impact to individual organizations depends on many factors that are unique to each organization,” according to the ICS-CERT. “ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.”

Siemens recommends operating all products, except perimeter devices, within only trusted networks. Users of eLAN should upgrade to version 8.3.3, while WinOCC OA users should upgrade to version 3.12-P006. While customers wait for patches for the other products, they have a number of steps they can take to mitigate the threat.

For S7-1500 V1.5:

  • Disable the web server, or
  • Limit web server access to trusted networks only
  • Remove the certificate from the browser

For CP1543-1 V1.1:

  • Disable FTPS, or
  • Use FTPS in trusted network, or
  • Use the VPN functionality to tunnel FTPS

For APE 2.0:

  • Update OpenSSL to 1.0.1g before distributing a solution. Follow instructions from Ruggedcom  to patch APE 2.0

“As a following security measure, Siemens strongly recommends to change passwords and renew certificates after securing the devices (either by patching or by implementing steps mentioned above),” according to the company’s advisory. “Old certificates should be revoked to prevent misuse. Siemens also recommends protecting network access to all products except for perimeter devices such as CP1543-1 with appropriate mechanisms. It is advised to follow recommended security practices and to configure the environment according to operational guidelines in order to run the devices in a protected IT environment.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet