Publication Date: 2021-05-11
Last Update: 2022-05-10
Current Version: V1.4
CVSS v3.1 Base Score: 7.8

Affected Product and Versions / Remediation

SIMATIC Drive Controller family:
All versions < V05.00.01.00
only affected by CVE-2020-8745
Update BIOS to V05.00.01.00
The update can be obtained from your local Siemens account manager.
See further recommendations from section Workarounds and Mitigations

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants):
All versions < V0209_0105
only affected by CVE-2020-8745
Update BIOS to V0209_0105 or later version
https://support.industry.siemens.com/cs/ww/en/view/109743969/
See further recommendations from section Workarounds and Mitigations

SIMATIC Field PG M5:
All BIOS versions < V22.01.08
only affected by CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V22.01.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC Field PG M6:
All versions
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Currently no fix is available
See recommendations from section Workarounds and Mitigations

SIMATIC IPC127E:
All versions
only affected by CVE-2020-8745
Update BIOS to V27.01.05
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC427E (incl. SIPLUS variants):
All BIOS versions < V21.01.15
only affected by CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V21.01.15
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC477E:
All BIOS versions < V21.01.15
only affected by CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V21.01.15
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC477E Pro:
All BIOS versions < V21.01.15
only affected by CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V21.01.15
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC527G:
All BIOS versions < V1.4.0
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8745
Update BIOS to V1.4.0
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC547G:
All versions < R1.30.0
only affected by CVE-2020-0590, CVE-2020-8694
Update BIOS to R1.30.0
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC627E:
All BIOS versions < V25.02.08
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V25.02.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC647E:
All BIOS versions < V25.02.08
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V25.02.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC677E:
All BIOS versions < V25.02.08
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V25.02.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC IPC847E:
All BIOS versions < V25.02.08
only affected by CVE-2020-0590, CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V25.02.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SIMATIC ITP1000:
All BIOS versions < V23.01.08
only affected by CVE-2020-8694, CVE-2020-8698, CVE-2020-8745
Update BIOS to V23.01.08
https://support.industry.siemens.com/cs/ww/en/view/109763408
See further recommendations from section Workarounds and Mitigations

SINUMERIK 828D HW PU.4:
All versions < V08.00.00.00
only affected by CVE-2020-8745
Update BIOS to V08.00.00.00
SINUMERIK software can be obtained from your local Siemens account manager.
See further recommendations from section Workarounds and Mitigations

SINUMERIK MC MCU 1720:
All versions < V05.00.00.00
only affected by CVE-2020-8745
Update BIOS to V05.00.00.00
SINUMERIK software can be obtained from your local Siemens account manager.
See further recommendations from section Workarounds and Mitigations

SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10:
All versions
only affected by CVE-2020-8745
Currently no fix is available
See recommendations from section Workarounds and Mitigations

SINUMERIK ONE NCU 1740:
All versions < V04.00.00.00
only affected by CVE-2020-8745
Update BIOS to V04.00.00.00
SINUMERIK software can be obtained from your local Siemens account manager.
See further recommendations from section Workarounds and Mitigations

SINUMERIK ONE PPU 1740:
All versions < V06.00.00.00
only affected by CVE-2020-8745
Update BIOS to V06.00.00.00
SINUMERIK software can be obtained from your local Siemens account manager.
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 7.8
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

CVSS v3.1 Base Score 5.6
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-287: Improper Authentication

CVSS v3.1 Base Score 5.5
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

CVSS v3.1 Base Score 6.8
CVSS Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE: CWE-269: Improper Privilege Management

https://www.siemens.com/cert/advisories