Siemens has identified a vulnerability in several of its industrial control system products, including TIA Portal, SIMATIC, and SIRIUS. The vulnerability, known as the “Deserialization of Untrusted Data,” could allow attackers to execute arbitrary code within affected systems, posing a serious risk to industries relying on these technologies. Siemens urges users to update to the latest software versions to mitigate the risk.
The affected products include various versions of SIMATIC STEP 7, WinCC, SIMOCODE, and SIRIUS systems, spanning versions 16 to 18 of TIA Portal. These systems are widely used in critical infrastructure sectors such as energy, manufacturing, and water systems across the globe. Siemens recommends updating to the latest versions to avoid potential exploitation.
The vulnerability, tracked as CVE-2023-32735, carries a CVSS v4 base score of 7.0, highlighting the seriousness of the risk. Though the attack complexity is low, successful exploitation requires user interaction, which increases the potential for misuse. Siemens advises taking immediate action to prevent the exploitation of this vulnerability in industrial environments.
Siemens, along with CISA, has provided specific mitigations, including avoiding untrusted files and ensuring secure network configurations. The advisory also emphasizes the importance of isolating control systems behind firewalls and securing them with VPNs. Additional best practices for industrial security can be found in the Siemens security guidelines and CISA’s cybersecurity recommendations.