Publication Date:
Last Update:
Current Version: V1.5
CVSS v3.1 Base Score: 7.5
Affected Product and Versions Remediation

All versions < V8.1 SP1
affected by all CVEs

All versions < V2.2
affected by all CVEs

All versions < V2.2
affected by all CVEs

All versions
affected by all CVEs
Currently no fix is available

All versions < V2.9.7
affected by all CVEs

All versions >= V3.0.1 < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions >= V3.0.1 < V3.0.3
affected by all CVEs

All versions < V21.9.7
affected by all CVEs

All versions >= V30.0.0
affected by all CVEs
Currently no fix is available

All versions
affected by all CVEs
Currently no fix is planned

All versions
affected by all CVEs
Currently no fix is available

All versions
affected by all CVEs
Currently no fix is available

All versions
affected by all CVEs
Currently no fix is available

All versions
affected by all CVEs
Currently no fix is available

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V21.9.7
affected by all CVEs

All versions
affected by all CVEs
Currently no fix is available

All versions < V5.0 Update 2
affected by all CVEs
Update to V5.0 Update 2 or later version

All versions < V8.1 SP1
affected by all CVEs

All versions < V3.17 P029
affected by all CVEs

All versions < V3.18 P019
affected by all CVEs

All versions < V3.19 P005
affected by all CVEs

All versions < V2.0.0.1
affected by all CVEs
Update to V2.0.0.1 or later version

All versions < V5.0.0.0
affected by all CVEs
Update to V5.0.0.0 or later version

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V2.9.7
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs

All versions < V3.0.3
affected by all CVEs
  • Disable the OPC UA feature, if not used

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound

https://www.siemens.com/cert/advisories

V1.0 (2023-09-12): Publication Date
V1.1 (2023-10-10): Added additional vulnerable products SIMATIC WinCC OA V3.17, SIMATIC WinCC OA V3.18, and SIMATIC WinCC OA V3.19; clarified that both ANSI C and C++ implementations are affected
V1.2 (2023-11-14): Added additional vulnerable products SIMATIC BRAUMAT / SISTAR
V1.3 (2023-12-12): Added SIMATIC Comfort/Mobile RT, SIMATIC IPC DiagMonitor, SIMATIC WinCC Unified OPC UA Client/Server, and SIMATIC PCS neo as affected products; removed unaffected devices: 6ES7513-1RL00-0AB0, 6ES7513-1RM03-0AB0, 6ES7515-2RM00-0AB0, 6ES7515-2RN03-0AB0, 6AG1515-2RM00-7AB0, 6AG2515-2RM00-4AB0, 6ES7517-3HP00-0AB0, 6AG1517-3HP00-4AB0, 6ES7518-4JP00-0AB0, 6AG1518-4JP00-4AB0; added fix for SIMATIC S7-PLCSIM Advanced
V1.4 (2024-01-09): No fix planned for SIMATIC IPC DiagMonitor
V1.5 (2024-02-13): Added fix for SIMATIC WinCC Unified OPC UA Client/Server; Added SIMATIC PCS 7 V9.1 as affected; Added specific mitigation measure for CVE-2023-28831 (disable OPC UA)