ICSA-21-103-11 — Vulnetix

ICSA-21-103-11 PUBLISHED CVSS 7.5 HIGH

TIM 4R-IE devices contain multiple vulnerabilities in the integrated NTP component as listed below. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
	SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0)
	TIM 4R-IE (6NH7800-4BA00)
	SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0)
	TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0)

Timeline

Apr 13, 2021 CVE Published
Jun 10, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-497656.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-497656.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-103-11.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-11 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url

Open in Interactive Console →