| Publication Date: |
|
| Last Update: |
|
| Current Version: | V2.9 |
| CVSS v3.1 Base Score: | 7.5 |
| CVSS v4.0 Base Score: | 8.7 |
| Affected Product and Versions | Remediation |
|---|---|
|
All versions < V1.7 affected by CVE-2022-0778 |
Use the Edge Management System to update to V1.7 or later version
|
|
All versions < V1.7 affected by CVE-2022-0778 |
Use the Edge Management System to update to V1.7 or later version
|
|
All versions (OPC UA interface only) affected by CVE-2022-0778 |
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems
|
|
All versions (OPC UA interface only) affected by CVE-2022-0778 |
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems
|
|
All versions (OPC UA interface only) affected by CVE-2022-0778 |
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems
|
|
All versions only when running on ROX II < V2.15.1 affected by CVE-2022-0778 |
Update ROX II to V2.15.1 or later version
|
|
Update to V2.15.1 or later version
|
|
|
All versions < V2.0 affected by CVE-2022-0778 |
Update to V2.0 or later version
|
|
Update to V7.2 or later version
|
|
|
Update to V2.3.1 or later version
|
|
|
Update to V8.7.1.11 or later version
|
|
|
Update to V2.0 or later version
|
|
|
Currently no fix is planned
|
|
|
Currently no fix is planned
|
|
|
Currently no fix is planned
|
|
|
Update to V5.5.2 or later version
|
|
|
Update to V4.1.7 or later version
|
|
|
Update to V4.4 or later version
|
|
|
Update to V6.5 or later version
|
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions < V1.9 affected by CVE-2022-0778 |
Update to V1.9 or later version
|
|
All versions < V1.9 affected by CVE-2022-0778 |
Update to V1.9 or later version
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions < V3.3 affected by CVE-2022-0778 |
Update to V3.3 or later version
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.0.37 affected by CVE-2022-0778 |
Update to V3.0.37 or later version
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is available
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
Update to V2.9.7 or later version
|
|
|
Update to V2.2.28 or later version
|
|
|
All versions < V21.9.7 affected by CVE-2022-0778 |
Update to V21.9.7 or later version
|
|
All versions < V18 affected by CVE-2022-0778 |
Update to V18 or later version
|
|
All versions < V1.6 Upd6 affected by CVE-2022-0778 |
Update to V1.6 Upd6 or later version
|
|
Open for details
|
|
|
Open for details
|
|
|
Open for details
|
|
|
All versions < V9.1 Update 1 affected by CVE-2022-0778 |
Update to V9.1 Update 1 or later version
|
|
All versions < V4.0 affected by CVE-2022-0778 |
Update to V4.0 or later version
|
|
All versions < V9.2 SP2 affected by CVE-2022-0778 |
Update to V9.2 SP2 or later version
|
|
All versions < V2020 SP1 Update 1 affected by CVE-2022-0778 |
Update to V2020 SP1 Update 1 or later version
|
|
Update to V2.0.1 or later version
|
|
|
Update to V4.0.1 or later version
|
|
|
All versions < V2.0.1 affected by CVE-2022-0778 |
Update to V2.0.1 or later version
|
|
All versions < V4.6.0 affected by CVE-2022-0778 |
Update to V4.6.0 or later version
|
|
Open for details
|
|
|
Update to V21.9.7 or later version
|
|
|
All versions < V5.0 affected by CVE-2022-0778 |
Update to V5.0 or later version
|
|
All versions < V5.7 HF4 affected by CVE-2022-0778 |
Update to V5.7 HF4 or later version
|
|
All versions < V17 Update 5 affected by CVE-2022-0778 |
Update to V17 Update 5 or later version
|
|
Open for details
|
|
|
All versions >= V5.1 < V5.5.1 affected by CVE-2022-0778 |
Update to V5.5.1 or later version
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions < V1.0 SP2 affected by CVE-2022-0778 |
Update to V1.0 SP2 or later version
|
|
All versions < V1.0 SP3 affected by CVE-2022-0778 |
Update to V1.0 SP3 or later version
|
|
All versions < V3.1 affected by CVE-2022-0778 |
Update to V3.1 or later version
|
|
All versions affected by CVE-2022-0778 |
Currently no fix is planned
|
|
All versions < V3.3 affected by CVE-2022-0778 |
Update to V3.3 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.0.37 affected by CVE-2022-0778 |
Update to V3.0.37 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V3.4.29 affected by CVE-2022-0778 |
Update to V3.4.29 or later version
|
|
All versions < V2.4.8 affected by CVE-2022-0778 |
Update to V2.4.8 or later version
|
|
All versions < V3.1.1 affected by CVE-2022-0778 |
Update to V3.1.1 or later version
|
|
All versions < V1.0.8 affected by CVE-2022-0778 |
Update to V1.0.8 or later version
|
|
All versions < V2.4.8 affected by CVE-2022-0778 |
Update to V2.4.8 or later version
|
|
Open for details
|
Product-specific remediations or mitigations can be found in the section
Affected Products and Solution.
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
| CVSS v3.1 Base Score | 7.5 |
| CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS v4.0 Base Score | 8.7 |
| CVSS v4.0 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| CWE | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
| V1.0 (2022-06-14): | Publication Date |
| V1.1 (2022-07-12): | Added SCALANCE X-200, X-200 IRT, X-300, XM-400, XR-500, XR-300WG, XB-200, XC-200, XF-200, XP-200 product families and Security Configuration Tool (SCT) as affected; added fix for RUGGEDCOM ROX devices and SIMATIC MV500 devices; no fix planned for SIMATIC NET PC Software, SIMATIC CP 343-1 Advanced and SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) |
| V1.2 (2022-08-09): | Added fix for Industrial Edge - OPC UA Connector, SIMATIC Cloud Connect 7 gateways, SIMATIC Logon, SIMATIC PDM, SIMATIC STEP 7 V5.X and TeleControl Server Basic; added SCALANCE W1750D as affected; clarified that Industrial Edge - PROFINET IO Connector is not affected |
| V1.3 (2022-09-13): | Added fix for RUGGEDCOM CROSSBOW Station Access Controller (SAC), SCALANCE XM-400 and XR-500 product families, and SINEC INS |
| V1.4 (2022-10-11): | Added fix for SIMATIC WinCC Unified, TIA Portal V17, and SINEC NMS; added SCALANCE W-700 and W-1700 product families as affected; corrected several product names in the SCALANCE XB and XP product families |
| V1.5 (2022-12-13): | Added SIMATIC Process Historian and SIMATIC HMI Unified Comfort Panels; added fix for SIMATIC PCS neo, SIMATIC Drive Controller family, SIMATIC S7-PLCSIM Advanced, SIMATIC S7-1500 and S7-1200 CPU families, and TIA Administrator; no fix planned for TIA Portal V16 |
| V1.6 (2023-01-10): | Added fix for SCALANCE W-700 IEEE 802.11ax product family |
| V1.7 (2023-02-14): | Added fix for SCALANCE W1750D product family |
| V1.8 (2023-03-14): | Added fix for SIMATIC CP 1542SP-1 and SIMATIC CP 1543SP-1, RUGGEDCOM RM1224 family, SCALANCE M-800 family, SCALANCE MUM-800 family, SCALANCE S615. Added missing affected products SCALANCE M876-4 (6GK5876-4AA10-2BA2) and SCALANCE S615 EEC (6GK5615-0AA01- 2AA2) |
| V1.9 (2023-04-11): | Added fix for SCALANCE X-200IRT family, SIMATIC CP 443-1 Advanced, TIM 1531 IRC, SCALANCE XB-200, XC-200, XP-200, XF-200BA, XR-300WG family, and for SIMATIC WinCC |
| V2.0 (2023-05-09): | Added fix for SIMATIC S7-1500 Software Controller; fix planned for SIMATIC NET PC Software V17 |
| V2.1 (2023-06-13): | Added fix for SIMOTION; clarified that no fix is planned for V8.2, V9.0, V9.1 of OpenPCS 7 and for V8.2, V9.0 of SIMATIC PCS 7; added fix and mitigation information for SIMATIC PCS 7 V9.1 |
| V2.2 (2023-07-11): | Expanded SIMATIC S7-1500 CPU family to individual products/MLFBs and added additional fix for V2 firmware version line; Fix for SIMATIC Drive Controller available already with V2.9.7 |
| V2.3 (2023-09-12): | Clarified SIMATIC S7-1500 Software Controller versions and adjusted fix for SIMATIC S7-1500 Software Controller V2; Clarified SIMATIC ET 200SP Open Controller versions and added fix for SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) |
| V2.4 (2023-10-10): | Added fix for SIMATIC CP 1242-7 V2 family, SIMATIC CP 1243-1 family, SIMATIC CP 1243-7 LTE family, SIMATIC CP 1243-8 IRC and for SIMATIC NET PC Software V17 |
| V2.5 (2024-01-09): | Added fix for SIMATIC PCS 7 TeleControl; Clarified that no fix is planned for SINAUT Software ST7sc and SINAUT ST7CC |
| V2.6 (2024-04-09): | Added fix for SIMATIC CP 1543-1 (incl. SIPLUS variants); Updated fix for TIM 1531 IRC (incl. SIPLUS NET variants) |
| V2.7 (2024-05-14): | Expanded SIMATIC WinCC family to individual version lines; SIMATIC PCS 7 V9.1: clarified that V9.1 SP2 UC04 fixes the issue in SIMATIC WinCC |
| V2.8 (2024-07-09): | Added fix for SCALANCE X-300 family (incl. X408 and SIPLUS NET variants) |
| V2.9 (2025-02-11): | Adjusted Totally Integrated Automation Portal (TIA Portal) entries and clarified that no fix is planned for SCALANCE W-1700 IEEE 802.11ac family |