Publication Date: 2022-02-08
Last Update: 2022-06-14
Current Version: V1.2
CVSS v3.1 Base Score: 7.5

Affected Product and Versions Remediation
RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M804PB (6GK5804-0AP00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M874-2 (6GK5874-2AA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M874-3 (6GK5874-3AA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE S615 (6GK5615-0AA00-2AA2):
All versions < V7.1
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276/
SCALANCE SC622-2C (6GK5622-2GS00-2AC2):
All versions < V2.3
only affected by CVE-2021-41991
Update to V2.3 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805907/
SCALANCE SC632-2C (6GK5632-2GS00-2AC2):
All versions < V2.3
only affected by CVE-2021-41991
Update to V2.3 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805907/
SCALANCE SC636-2C (6GK5636-2GS00-2AC2):
All versions < V2.3
only affected by CVE-2021-41991
Update to V2.3 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805907/
SCALANCE SC642-2C (6GK5642-2GS00-2AC2):
All versions < V2.3
only affected by CVE-2021-41991
Update to V2.3 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805907/
SCALANCE SC646-2C (6GK5646-2GS00-2AC2):
All versions < V2.3
only affected by CVE-2021-41991
Update to V2.3 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805907/
SIMATIC CP 1242-7 V2 (incl. SIPLUS variants):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is planned
Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0):
All versions < V3.0.22
only affected by CVE-2021-41991
Update to V3.0.22 or later version
https://support.industry.siemens.com/cs/ww/en/view/109808678/

Only deploy certificates via TIA portal that got created with TIA portal
SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0):
All versions < V1.1
only affected by CVE-2021-41991
Update to V1.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109811116/

Only deploy certificates via TIA portal that got created with TIA portal
SINEMA Remote Connect Server:
All versions < V3.1
only affected by CVE-2021-41991
Update to V3.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109811169/
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0):
All versions < V3.0.22
only affected by CVE-2021-41991
Update to V3.0.22 or later version
https://support.industry.siemens.com/cs/ww/en/view/109808678/

Only deploy certificates via TIA portal that got created with TIA portal
SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal
SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0):
All versions
only affected by CVE-2021-41991
Currently no fix is available
Only deploy certificates via TIA portal that got created with TIA portal

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-190: Integer Overflow or Wraparound

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-190: Integer Overflow or Wraparound

https://www.siemens.com/cert/advisories