Publication Date: 2022-06-14
Last Update: 2022-06-14
Current Version: V1.0
CVSS v3.1 Base Score: 9.8

Affected Products and Remediation

RUGGEDCOM NMS:
  Affected versions: All versions when using the device firmware upgrade mechanism (only affected by CVE-2021-34798)
  Remediation: Currently no fix is planned. See recommendations from section Workarounds and Mitigations.

SINEC NMS:
  Affected versions: All versions
  Remediation: Currently no fix is available. See recommendations from section Workarounds and Mitigations.

SINEMA Remote Connect Server:
  Affected versions: All versions < V3.1 (only affected by CVE-2021-34798)
  Remediation: Update to V3.1 or later version: https://support.industry.siemens.com/cs/ww/en/view/109811169/
  See further recommendations from section Workarounds and Mitigations.

SINEMA Server V14:
  Affected versions: All versions
  Remediation: Currently no fix is planned. See recommendations from section Workarounds and Mitigations.

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-476: NULL Pointer Dereference

CVSS v3.1 Base Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-787: Out-of-bounds Write

CVSS v3.1 Base Score 9.0
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-918: Server-Side Request Forgery (SSRF)

https://www.siemens.com/cert/advisories