Publication Date: |
|
Last Update: |
|
Current Version: | V1.9 |
CVSS v3.1 Base Score: | 8.4 |
Affected Product and Versions | Remediation |
---|---|
All versions < V1.0.202N affected by multiple CVEs
CVE-2020-27339
CVE-2021-33625 CVE-2021-33626 CVE-2021-33627 CVE-2021-38489 CVE-2021-41837 CVE-2021-41838 CVE-2021-41839 CVE-2021-41841 CVE-2021-42059 CVE-2021-42060 CVE-2021-42113 CVE-2021-42554 CVE-2021-43323 CVE-2021-43522 CVE-2021-43613 CVE-2021-43615 CVE-2021-45969 CVE-2021-45970 CVE-2021-45971 CVE-2022-24030 CVE-2022-24031 CVE-2022-24069 |
Update to V1.0.202N or later version
|
|
Open for details
|
|
Update to V27.01.09 or later version
|
|
Open for details
|
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code
Product-specific remediations or mitigations can be found in the section
Affected Products and Solution.
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
CVSS v3.1 Base Score | 7.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-822: Untrusted Pointer Dereference |
CVSS v3.1 Base Score | 6.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-269: Improper Privilege Management |
CVSS v3.1 Base Score | 7.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 7.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-829: Inclusion of Functionality from Untrusted Control Sphere |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 7.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-256: Plaintext Storage of a Password |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-770: Allocation of Resources Without Limits or Throttling |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-829: Inclusion of Functionality from Untrusted Control Sphere |
CVSS v3.1 Base Score | 6.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 8.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 5.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
CVSS v3.1 Base Score | 6.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L |
CWE | CWE-400: Uncontrolled Resource Consumption |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CVSS v3.1 Base Score | 8.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CVSS v3.1 Base Score | 8.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CVSS v3.1 Base Score | 8.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.2 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE | CWE-20: Improper Input Validation |
For RUGGEDCOM APE1808 devices use the APE software upgrade tool (https://support.industry.siemens.com/cs/ww/en/view/109814796/) to update the BIOS version.
V1.0 (2022-02-22): | Publication Date |
V1.1 (2022-03-08): | Corrected AV:L for all CVEs, added RUGGEDCOM APE1808 and SIMATIC IPC477E PRO |
V1.2 (2022-07-12): | Added CVE-2021-43613, CVE-2021-43614 and CVE-2021-38489, add fix for SIMATIC Field PG M6, SIMATIC ITP1000 for all CVEs except CVE-2021-43613 |
V1.3 (2022-08-09): | Added fix for SIMATIC IPC227G, SIMATIC IPC277G, SIMATIC IPC327G, SIMATIC IPC377G, clarified affected versions for RUGGEDCOM APE1808 |
V1.4 (2022-10-11): | Added partial fix for SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E Pro |
V1.5 (2023-02-14): | Added partial fix for SIMATIC IPC627E, SIMATIC IPC677E, SIMATIC IPC677E, and SIMATIC IPC847E |
V1.6 (2023-07-11): | Added fix SIMATIC Field PG M5 |
V1.7 (2023-08-08): | Removed fix for SIMATIC Field PG M6 as fix version was withdrawn |
V1.8 (2023-11-14): | Added fix for SIMATIC IPC127E |
V1.9 (2025-04-08): | Added fix for all CVE IDs for SIMATIC Field PG M6; Added fix for CVE-2021-43613 for SIMATIC IPC627E / IPC647E / IPC677E / IPC847E; Removed fix for CVE-2021-43613 for SIMATIC Field PG M5 as this CVE was not fixed in version V22.01.11; RUGGEDCOM APE1808 - BIOS: Removed CVE-2020-5953, CVE-2021-41840 and CVE-2021-43614 as not affected; added the link to the APE software upgrade tool to apply a BIOS version that fixes the other CVE IDs |