Publication Date: 2021-03-09
Last Update: 2022-03-08
Current Version: V1.5
CVSS v3.1 Base Score: 6.5

Affected Products and Versions, with Remediation

SENTRON 3VA COM100/800:
  Affected: All versions < V4.4.1
  Remediation: Update to V4.4.1 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109765343/
    See further recommendations from section Workarounds and Mitigations

SENTRON 3VA DSP800:
  Affected: All versions < V4.0
    only affected by CVE-2020-17437
  Remediation: Update to V4.0 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109799046/
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC2200 (with CLP Approval):
  Affected: All versions
    only affected by CVE-2020-17437
  Remediation: Currently no remediation is planned
    See recommendations from section Workarounds and Mitigations

SENTRON PAC2200 (with MID Approval):
  Affected: All versions < V3.2.2
    only affected by CVE-2020-17437
  Remediation: MID-certified devices do not support firmware updates; V3.2.2 is contained in devices that are labeled as “M22 MID”
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC2200 (without MID Approval):
  Affected: All versions < V3.2.2
    only affected by CVE-2020-17437
  Remediation: Update to V3.2.2 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109760897/
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC3200:
  Affected: All versions < V2.4.7
  Remediation: Update to V2.4.7 or later version
    https://support.industry.siemens.com/cs/ww/en/view/31674577/
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC3200T:
  Affected: All versions < V3.2.2
    only affected by CVE-2020-17437
  Remediation: Update to V3.2.2 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109793060/
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC3220:
  Affected: All versions < V3.2.0
    only affected by CVE-2020-17437
  Remediation: Update to V3.2.0 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109780938/
    See further recommendations from section Workarounds and Mitigations

SENTRON PAC4200:
  Affected: All versions < V2.3.0
  Remediation: Update to V2.3.0 or later version
    https://support.industry.siemens.com/cs/ww/en/view/35029840/
    See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-125: Out-of-bounds Read

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-787: Out-of-bounds Write

https://www.siemens.com/cert/advisories