Publication Date:
Last Update:
Current Version: V1.5
CVSS v3.1 Base Score: 7.8
Affected Product and Versions Remediation

All versions < V05.00.01.00
only affected by CVE-2020-8745
Update BIOS to V05.00.01.00

All versions < V0209_0105
only affected by CVE-2020-8745
Update BIOS to V0209_0105 or later version

All BIOS versions < V22.01.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694

All versions < V26.01.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694, CVE-2020-0590
Update BIOS to V26.01.08 or later version

All versions
only affected by CVE-2020-8745

All BIOS versions < V21.01.15
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694

All BIOS versions < V21.01.15
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694

All BIOS versions < V21.01.15
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694

All BIOS versions < V1.4.0
only affected by CVE-2020-8745, CVE-2020-8694, CVE-2020-0590

All versions < R1.30.0
only affected by CVE-2020-8694, CVE-2020-0590

All BIOS versions < V25.02.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694, CVE-2020-0590

All BIOS versions < V25.02.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694, CVE-2020-0590

All BIOS versions < V25.02.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694, CVE-2020-0590

All BIOS versions < V25.02.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694, CVE-2020-0590

All BIOS versions < V23.01.08
only affected by CVE-2020-8745, CVE-2020-8698, CVE-2020-8694

All Versions < V08.00.00.00
only affected by CVE-2020-8745
Update BIOS to V08.00.00.00

All versions < V05.00.00.00
only affected by CVE-2020-8745
Update BIOS to V05.00.00.00

All versions
only affected by CVE-2020-8745

All versions < V04.00.00.00
only affected by CVE-2020-8745
Update BIOS to V04.00.00.00

All versions < V06.00.00.00
only affected by CVE-2020-8745
Update BIOS to V06.00.00.00
  • As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.
  • Applying a Defense-in-Depth concept can help to reduce the probability that untrusted code is run on the system. Siemens recommends to apply the Defense-in-Depth concept: https://www.siemens.com/industrialsecurity

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer’s environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

CVSS v3.1 Base Score 7.8
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.6
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-287: Improper Authentication
CVSS v3.1 Base Score 5.5
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
CVSS v3.1 Base Score 6.8
CVSS Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE CWE-269: Improper Privilege Management

https://www.siemens.com/cert/advisories

V1.0 (2021-05-11): Publication Date
V1.1 (2021-06-08): Added remediations for SIMATIC IPC427E, SIMATIC IPC477E (PRO), and SIMATIC IPC527G
V1.2 (2021-08-10): Added remediations for SIMATIC IPC127E, SINUMERIK 828D HW PU.4, SINUMERIK MC MCU 1720, SINUMERIK ONE NCU 1740 and SINUMERIK ONE PPU 1740, added SIMATIC Drive Controller
V1.3 (2022-03-08): Added solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2
V1.4 (2022-05-10): Added solution for SIMATIC IPC547G
V1.5 (2022-07-12): Added fix for SIMATIC Field PG M6