×
Siemens Industry Online Support
Siemens AG
Entry type: Download, Entry ID: 109747626, Entry date: 07/17/2017
(2)
Rate

Updating the Intel Management Engine BIOS Extension for SIMATIC IPCs and SIMATIC Field PGs

  • Entry
  • Associated product(s)
List of updates for SIMATIC IPCs, SIMATIC Field PGs, PCS 7 systems, SINUMERIK and SIMOTION (troubleshooting for the security advisory INTEL-SA-00075)


Overview

In the "Intel Product Security Advisory" of 01.05.2017 (Intel IDINTEL-SA-00075) attention is brought to the vulnerability of systems with specific Intel processors with the "Active Management Technology" (AMT) function enabled.

Intel AMT is also available with corresponding processors for SIMATIC IPCs and SIMATIC Field PGs, but has to be enabled specifically. Normally, Intel AMT is disabled when the relevant SIMATIC products are delivered.

Detailed technical information is available on the Siemens ProductCERT website: ProductCERT Security Advisories

Affected products
Potentially affected are devices with the product designations, article numbers and BIOS or Management Engine (ME) versions from the following tables.

An update is necessary only if the Intel Active Management Technology is enabled on the device being used and the article number of the device with associated BIOS or ME version is listed in the table.

Updating a system

SIMATIC IPC / SIMATIC Field PG / SIMATIC PCS7 systems

For the affected systems, step-by-step updates of the Intel Management Engine BIOS Extension are provided. If a BIOS update is necessary, the corresponding link to the latest BIOS version is provided.

If you have questions or problems regarding an update, please get in touch with the Technical Support.

SINUMERIK PCU

If you have questions or problems regarding an update, please get in touch with the Technical Support for SINUMERIK.

SIMOTION systems

For technical questions regarding SIMOTION and quality information please get in touch with your Siemens contact.

Note regarding systems for which updates are not yet available
If you are using one of the listed device types for which no update is yet available, it is recommended to "unconfigure" the Active Management Technology in the BIOS setup.

Determining the device type and article number

The rating plate gives the device type and article number of your SIMATIC product. For example, the figure below shows you the rating plate of a SIMATIC IPC427E with article number 6AG4141-XXXXX-XXXX.



Rating plate with article number

Determining the BIOS version number

The BIOS version number can be found:

  • In the BIOS setup in the menu item "Main", which can be obtained by pressing the ESC key when starting the device.
  • In the software "SIMATIC IPC DiagBase" in the BIOS information.
  • In the software "SIMATIC IPC DiagMonitor" in the BIOS information.
  • In the Windows system information, which can be obtained via "Start -> Run -> msinfo32 -> System Overview".

Determining the ME version number

The ME version number can be found:

  • In the boot menu via the "MEBx" button (Intel Management Engine BIOS Extension), which can be obtained via the ESC when starting the device. The version number is in the menu header.
  • In the advanced Windows system information, which can be obtained via "Start -> Intel -> Intel Management Engine Components -> Intel Management and Security Status -> Advanced -> Button 'Advanced system details...' -> Intel ME Information -> Components Information".


SIMATIC IPCs

Table 01: Affected SIMATIC IPCs
 

TypeArticle no.VersionLink to the update
IPC427D
6AG4140-6*
6AG4140-7*
6AG4140-8*
BIOS < V17.0?.10108608500
IPC427E

6AG4141-5*

6AG4141-7*

BIOS < V21.01.04109742593
IPC477D

6AV7240-6*

6AV7240-7*

6AV7240-8*

6AV7244-5EA02-0HB0

6AV7244-5DA30-0YA0

6AV7244-5DA30-0YB0

BIOS < V17.0?.10109037442
IPC477D PRO

6AV7250-6*

6AV7250-7*

6AV7250-8*

BIOS < V17.0?.10109037442
IPC477E

6AV7241-5*

6AV7241-7*

BIOS < V21.01.04109742640
IPC547D

6AG4104-2C*

6AG4104-2D*

ME < V7.1.91.3272Download subject to export control Update (3.6 MB)

SHA-256 checksum

2ca747c12b752e80a0ab11a297dea0e5b573b6b6f28812225e9df068c8b1af7d

IPC547E

6AG4104-3H*

6AG4104-3K*

ME < V9.1.41.3024Download subject to export control Update (11.3 MB)

SHA-256 checksum

83859dc1ffd3fee7ee27ceb34f034419cf232b13655c206f03f9362d346047bb

IPC547G

6AG4104-4G*

6AG4104-4H*

6AG4104-4J*

ME < V11.0.26.3000Download subject to export control Update (11.4 MB)

SHA-256 checksum

46879fd46ce9e06c014f43a91b5d5740e7b242eade8aac4776199119c8e90f8c

IPC627C

6ES7647-6CG*

6ES7647-6CH*

6ES7647-6CJ*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29

IPC627D

6AG4131-2G*

6AG4131-2H*

6AG4131-2J*

ME < V9.1.41.3024

Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC647C

6AG4112-1K* .. 6AG4112-1N*

6AG4112-1P*

6AG4112-1R*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

4c6b40f6f69c33715fa4dda01af0f18f4b81a8274cdb170230f801e8ade83f95

IPC647D

6AG4112-2G*

6AG4112-2H*

6AG4112-2J*..6AG4112-2M*

ME < V9.1.41.3024

Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC677C

6AV789?-??G*

6AV789?-??H*

6AV789?-??J*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29

IPC677D

6AV7260-?G*

6AV7260-?H*

6AV7260-?J*

ME < V9.1.41.3024

Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC827C

6ES7647-6PG*

6ES7647-6PH*

6ES7647-6PJ*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29

IPC827D

6AG4132-2G*

6AG4132-2H*

6AG4132-2J*

ME < V9.1.41.3024

Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC847C

6AG4114-1K* .. 6AG4114-1N*

6AG4114-1P*

6AG4114-1R*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

4c6b40f6f69c33715fa4dda01af0f18f4b81a8274cdb170230f801e8ade83f95

IPC847D

6AG4114-2G*

6AG4114-2H*

6AG4114-2J* .. 6AG4114-2N*

6AG4114-2P*

6AG4114-2Q*

ME < V9.1.41.3024Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

ITP10006AV7880-0???2*BIOS < V23.01.02109748173

Legend

? = exactly 1 character
* = multiple characters


SIMATIC Field PGs

Table 02: Affected SIMATIC Field PGs
 

TypeArticle no.VersionLink to the update
Field-PG M3

6ES7715-1BB*

6ES7715-1CC*

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

bbd2c624a7d532fc3d68d47fccab9d8952cebd8dd74f9f444879944b3d127326

Field PG M4

6ES7716-1*

6ES7716-2*

BIOS < V18.01.06109037537
Field PG M5

6ES7717-0*

6ES7717-1*

BIOS < V22.01.03109738122

Legend

? = exactly 1 character
* = multiple characters


PCS 7 systems

Table 03: Affected PCS7 systems
 

TypeArticle no.VersionLink to the update
IPC427D

6ES7650-0UG??-0YX?

6ES7654-0UE23-0XX?

BIOS < V17.0?.10108608500
IPC427E6ES7650-0RJ02-0YX0BIOS < V21.01.04109742593
IPC477D6ES7650-0UG??-1YX?BIOS < V17.0?.10109037442
IPC547D

6ES7660-3*

6ES7650-0TH17-0YX0

ME < V7.1.91.3272Download subject to export control Update (3.6 MB)

SHA-256 checksum

2ca747c12b752e80a0ab11a297dea0e5b573b6b6f28812225e9df068c8b1af7d

IPC547E6ES7660-4*ME < V9.1.41.3024Download subject to export control Update (11.3 MB)

SHA-256 checksum

83859dc1ffd3fee7ee27ceb34f034419cf232b13655c206f03f9362d346047bb

IPC547G6ES7660-7*ME < V11.0.26.3000Download subject to export control Update (11.4 MB)

SHA-256 checksum

46879fd46ce9e06c014f43a91b5d5740e7b242eade8aac4776199119c8e90f8c

IPC627C / IPC677C

6ES7650-4A*

6EQ2020-0AC03-5XX0

ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29

IPC627D / IPC677D6ES7650-4B*ME < V9.1.41.3024Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC647C6ES7660-1*ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

4c6b40f6f69c33715fa4dda01af0f18f4b81a8274cdb170230f801e8ade83f95

IPC647D6ES7660-5*ME < V9.1.41.3024Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

IPC847C6ES7660-2*ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

4c6b40f6f69c33715fa4dda01af0f18f4b81a8274cdb170230f801e8ade83f95

IPC847D6ES7660-6*ME < V9.1.41.3024Download subject to export control Update (6.3 MB)

SHA-256 checksum

7d7988173aa3c252dda135e45077e9545528ef5365f67ea64c9236cf4eb91fcd

Legend

? = exactly 1 character
* = multiple characters


SINUMERIK

Table 04: Affected SINUMERIK PCUs
 

TypeArticle no.VersionLink to the update
PCU50.5-P, WINXP6FC5210-0DF53-2AA0ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29

PCU50.5-P, WIN76FC5210-0DF53-3AA0ME < V6.2.61.3535Download subject to export control Update (4.5 MB)

SHA-256 checksum

8e6a8ebd0f528ea7b718e707f302ea24f52fca01f8c400da1bdbc0dc10a64a29


SIMOTION

Table 05: Affected SIMOTION systems
 

SIMOTIONArticle no.VersionLink to the update
P320-4S6AU1320-4DS66-3AG0BIOS S17.02.06.83.1

 Download unterliegt Exportcontrolle  Update (7,7 MB) 

SHA-256 checksum

859d616e02f56c210e773831078885275583e003315366488f69d1585dd3ce6d


Additional Keywords

CVE-2017-5689
Security information
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.