Publication Date: 2022-04-19
Last Update: 2022-06-14
Current Version: V1.2
CVSS v3.1 Base Score: 9.8

Affected Product and Versions Remediation
Operation Scheduler:
All versions < 2.0.4
Update to V2.0.4 or later version
See further recommendations from section Workarounds and Mitigations
SIMATIC Speech Assistant for Machines (SAM):
All versions < V1.2.1
Update to V1.2.1 or later version. Please contact customer support to obtain the patch
See further recommendations from section Workarounds and Mitigations
SINEC NMS:
All versions
Currently no fix is available
Block both incoming and outgoing connections between the system and the Internet
See further recommendations from section Workarounds and Mitigations
SiPass integrated V2.80:
All versions
Apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109805711/
See further recommendations from section Workarounds and Mitigations
SiPass integrated V2.85:
All versions
Apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109805711/
See further recommendations from section Workarounds and Mitigations
Siveillance Identity V1.5:
All versions
Update to V1.5 SP4 and apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109810454/
See further recommendations from section Workarounds and Mitigations
Siveillance Identity V1.6:
All versions
Update to V1.6 SP1 and apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109810454/
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

https://www.siemens.com/cert/advisories