Publication Date: 2022-05-10
Last Update: 2022-05-10
Current Version: V1.0
CVSS v3.1 Base Score: 7.5

Affected Product and Versions Remediation
SIMATIC NET PC Software V14:
All versions < V14 SP1 Update 14
Update to V14 SP1 Update 14 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807351/
See further recommendations from section Workarounds and Mitigations
SIMATIC NET PC Software V15:
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC NET PC Software V16:
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC NET PC Software V17:
All versions < V17 SP1
Update to V17 SP1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109808270/
See further recommendations from section Workarounds and Mitigations
SIMATIC Process Historian OPC UA Server:
All versions < 2020 SP1
Update to Version 2020 SP1 or later version
For PCS neo: Update to PCS neo V3.1 SP1 (https://support.industry.siemens.com/cs/ww/de/view/109807752/)
For PCS 7: Update to PCS 7 V9.1 SP1 (https://support.industry.siemens.com/cs/ww/en/view/109805073/)
For WinCC: contact local support
See further recommendations from section Workarounds and Mitigations
SIMATIC WinCC:
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIMATIC WinCC Runtime Professional:
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIMATIC WinCC Unified Scada Runtime:
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations
TeleControl Server Basic V3:
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

https://www.siemens.com/cert/advisories