Publication Date: 2022-05-10
Last Update: 2022-06-14
Current Version: V1.1
CVSS v3.1 Base Score: 7.8

Affected Product and Versions Remediation
SIMATIC PCS 7 V9.0 and earlier:
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC PCS 7 V9.1:
All versions < V9.1 SP1 UC01
Update to V9.1 SP1 UC01 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805072/

Update SIMATIC WinCC to V7.5 SP2 Update 8 or later version
See further recommendations from section Workarounds and Mitigations
SIMATIC WinCC Runtime Professional V16 and earlier:
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC WinCC Runtime Professional V17:
All versions < V17 Upd4
Update to V17 Upd4 or later version
https://support.industry.siemens.com/cs/ww/en/view/109800913/
See further recommendations from section Workarounds and Mitigations
SIMATIC WinCC V7.4 and earlier:
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC WinCC V7.5:
All versions < V7.5 SP2 Update 8
Update to V7.5 SP2 Update 8 or later version
https://support.industry.siemens.com/cs/ww/en/view/109793460/
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 7.8
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-1188: Insecure Default Initialization of Resource

https://www.siemens.com/cert/advisories