Publication Date:
Last Update:
Current Version: V1.7
CVSS v3.1 Base Score: 7.4
Affected Product and Versions Remediation

All versions

All versions < V1.1.1
Use the Edge Management System to update to V1.1.1 or later version

All versions < V7.1

All versions < V7.1

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V2.15.0

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V7.1

All versions < V2.3

All versions < V2.3

All versions < V2.3

All versions < V2.3

All versions < V2.3

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions

All versions < V3.0.0

All versions < V3.0.0

All versions < V3.0.0

All versions < V3.0.0

All versions < V3.0.0

All versions < V3.0.0

All versions < V1.2

All versions < V1.2

All versions < V1.2

All versions < V1.2

All versions < V1.2

All versions < V1.2

All versions

All versions

All versions

All versions

All versions

All versions

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions

All versions

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V5.2.6

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions

All versions

All versions < V5.2.6

All versions < V5.2.6

All versions

All versions

All versions < V5.2.6

All versions < V5.2.6

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V4.1.4

All versions < V3.3.46

All versions < V3.3.46

All versions < V3.3.46

All versions < V3.3.46

All versions < V3.3.46

All versions

All versions < V3.0.22

All versions < V1.1

All versions < V3.1 SP 1

All versions < 2020 SP1
Update to V2020 SP1 or later version
For PCS neo customers: Update to PCS neo V3.1 SP1 (https://support.industry.siemens.com/cs/ww/de/view/109807752/)
For PCS 7 customers: Update to PCS 7 V9.1 SP1 (https://support.industry.siemens.com/cs/ww/en/view/109805073/)
For WinCC customers: contact local support

All versions < V4.5.2

All versions

All versions < V3.1

All versions

All versions < V4.95 SP1
Upgrade to V4.95 SP1 or later version

All versions < V3.3.46

All versions < V3.0.22

All versions < V4.1.4

All versions < V3.3.46

All versions < V3.3.46

All versions < V1.0 SP7

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer’s environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

CVSS v3.1 Base Score 7.4
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read

https://www.siemens.com/cert/advisories

V1.0 (2022-02-08): Publication Date
V1.1 (2022-02-17): Added solutions for SIMATIC S7-1200 CPU family and SCALANCE W-700 IEEE 802.11ax family
V1.2 (2022-03-08): Added solution for SINUMERIK Operate and RUGGEDCOM ROX II; Added Industrial Edge products
V1.3 (2022-04-12): Added solution for RUGGEDCOM RCM1224 familiy, SCALANCE M-800 familiy, SCALANCE MUM-800 familiy, SCALANCE S615, SCALANCE X-300/X408 family, SIMATIC PCS neo, SIMATIC Process Historian OPC UA Server, SCALANCE W-1700 (11AC) family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1
V1.4 (2022-05-10): Removed Industrial Edge - Inventory App as it is not affected; Added solution for Industrial Edge - PROFINET IO Connector
V1.5 (2022-06-14): Added fix for SIMATIC CP 1545-1 and SINEMA Remote Connect Server
V1.6 (2022-07-12): Added fix for TIA Administrator and SCALANCE X-200 switch family (incl. SIPLUS NET variants). Updated no fix planned for Industrial Edge - Machine Insight App
V1.7 (2022-08-09): Added fix for SIMATIC CP 1242-7 V2, CP 1243-7, CP 1243-1, CP 1243-8