Users are advised to change the password of the affected PLC as soon as possible. This can be done by setting a password that is at least 8 characters long, containing letters, numbers and special characters. The password must be changed as soon as possible to prevent any further attacks. Users are advised to keep passwords for all PLCs in the company confidential and not to share them with anyone. XG5000 PLC programming software versions 7.0 - 7.1 and 7.2 - 7.3 are affected. XG5000 PLC programming software versions 8.0 - 8.1 and 8.2 - 8.3 are not affected. Version 8.0 of XG5000 PLC programming software has been released on February 10, 2018. This means that the risk of attackers sniffing the traffic between the affected PLC and the XG5000 PLC programming software and decrypting passwords has been reduced. However, due to the previously published information, users are advised to upgrade their XG5000 PLCs to the latest software version as soon as possible.
What is XG5000?
The XG5000 PLC programming software is a Windows-based application that integrates with other PLCs and allows operators to control the devices programmatically. The application is used in industrial automation, processes and HVAC applications.
The XG5000 PLC programming software is a Windows-based application that integrates with other PLCs and allows operators to control the devices programmatically. The application is used in industrial automation, processes and HVAC applications.
What to do if you are using XG5000 PLC programming software versions 7.0 - 7.3
The risk of attackers sniffing the traffic between the affected PLC and the XG5000 PLC programming software and decrypting passwords has been reduced due to the previously published information. However, due to the previously published information, users are advised to upgrade their XG5000 PLCs to the latest software version as soon as possible.
Infrastructure Concern s
On March 8, 2017, the National Cyber Incident Response Center (NCIRC) issued an alert on vulnerabilities associated with the Siemens PLC programming software. Siemens has since released updates to their XG5000 PLC programming software. Users are advised to change the password of affected PLCs as soon as possible and to keep current passwords confidential and not share them with anyone. Updates have also been released for XG5000 PLC versions 7.0 - 7.3 and 8.0 - 8.1 and 8.2 - 8.3 are available on the Siemens website https://www-us-support-securite-sciencesiemenscom/en_US/support/faq/index?article=V7&lang=EN&departure=true&W8_v7_EZ= .
What to do if you are using XG5000 PLC programming software?
If you are using XG5000 PLC programming software, it is recommended that you change passwords for all affected PLCs as soon as possible. You can also use the following methods to prevent attackers from sniffing the traffic between your PLC and the XG5000 PLC programming software:
1) Use an HTTPS connection when communicating with the XG5000 PLC programming software
2) Change the password of your first xg500c2-plcs.com account, which is used to communicate with the device while programming
Timeline
Published on: 08/31/2022 16:15:00 UTC
Last modified on: 09/08/2022 02:55:00 UTC