Publication Date:
Last Update:
Current Version: V1.9
CVSS v3.1 Base Score: 8.4
Un-/Collapse All
Affected Product and Versions Remediation

All versions < V1.0.202N
affected by multiple CVEs
Expand children
Open for details
Expand children
Expand children
Open for details
  • As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-822: Untrusted Pointer Dereference
CVSS v3.1 Base Score 6.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-269: Improper Privilege Management
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-256: Plaintext Storage of a Password
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CVSS v3.1 Base Score 6.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.2
CVSS v3.1 Vector CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 6.7
CVSS v3.1 Vector CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation

For RUGGEDCOM APE1808 devices use the APE software upgrade tool (https://support.industry.siemens.com/cs/ww/en/view/109814796/) to update the BIOS version.

https://www.siemens.com/cert/advisories
V1.0 (2022-02-22): Publication Date
V1.1 (2022-03-08): Corrected AV:L for all CVEs, added RUGGEDCOM APE1808 and SIMATIC IPC477E PRO
V1.2 (2022-07-12): Added CVE-2021-43613, CVE-2021-43614 and CVE-2021-38489, add fix for SIMATIC Field PG M6, SIMATIC ITP1000 for all CVEs except CVE-2021-43613
V1.3 (2022-08-09): Added fix for SIMATIC IPC227G, SIMATIC IPC277G, SIMATIC IPC327G, SIMATIC IPC377G, clarified affected versions for RUGGEDCOM APE1808
V1.4 (2022-10-11): Added partial fix for SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro
V1.5 (2023-02-14): Added partial fix for SIMATIC IPC627E, SIMATIC IPC677E, SIMATIC IPC677E, and SIMATIC IPC847E
V1.6 (2023-07-11): Added fix SIMATIC Field PG M5
V1.7 (2023-08-08): Removed fix for SIMATIC Field PG M6 as fix version was withdrawn
V1.8 (2023-11-14): Added fix for SIMATIC IPC127E
V1.9 (2025-04-08): Added fix for all CVE IDs for SIMATIC Field PG M6; Added fix for CVE-2021-43613 for SIMATIC IPC627E / IPC647E / IPC677E / IPC847E; Removed fix for CVE-2021-43613 for SIMATIC Field PG M5 as this CVE was not fixed in version V22.01.11; RUGGEDCOM APE1808 - BIOS: Removed CVE-2020-5953, CVE-2021-41840 and CVE-2021-43614 as not affected; added the link to the APE software upgrade tool to apply a BIOS version that fixes the other CVE IDs