Publication Date: 2022-02-17
Last Update: 2022-02-17
Current Version: V1.0
CVSS v3.1 Base Score: 10.0

Affected Product and Versions Remediation
SPPA-S2000 (S7):
V3.04, V3.06
Apply Patch V3.06P1
See download link in the SPPA-S2000 Technical News 2021-001
See further recommendations from section Workarounds and Mitigations
SPPA-S3000:
V3.04
Apply Patch V3.04P6
See download link in SPPA-S3000 Technical News 2020-004
See further recommendations from section Workarounds and Mitigations
SPPA-S3000:
V3.05
Apply Patch V3.05P3
See download link in SPPA-S3000 Technical News 2020-003
See further recommendations from section Workarounds and Mitigations
SPPA-T3000:
R8.2 SP2
Apply System Software Patch 19.017.20
See download link in SPPA-T3000 Technical News 2020-091
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 10.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-805: Buffer Access with Incorrect Length Value

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

CVSS v3.1 Base Score 7.4
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-347: Improper Verification of Cryptographic Signature

CVSS v3.1 Base Score 9.4
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-326: Inadequate Encryption Strength

CVSS v3.1 Base Score 8.1
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-346: Origin Validation Error

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C
CWE: CWE-404: Improper Resource Shutdown or Release

https://www.siemens.com/cert/advisories