Publication Date:
Last Update:
Current Version: V2.8
CVSS v3.1 Base Score: 7.5
CVSS v4.0 Base Score: 8.7
Un-/Collapse All
Affected Product and Versions Remediation

All versions < V1.7
affected by CVE-2022-0778
Use the Edge Management System to update to V1.7 or later version

All versions < V1.7
affected by CVE-2022-0778
Use the Edge Management System to update to V1.7 or later version

All versions (OPC UA interface only)
affected by CVE-2022-0778
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems

All versions (OPC UA interface only)
affected by CVE-2022-0778
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems

All versions (OPC UA interface only)
affected by CVE-2022-0778
Currently no fix is planned
Restrict access to the OPC UA interface to trusted systems

All versions only when running on ROX II < V2.15.1
affected by CVE-2022-0778
Update ROX II to V2.15.1 or later version
Expand children

All versions < V2.0
affected by CVE-2022-0778
Expand children
Expand children
Expand children
Expand children
Expand children
Currently no fix is planned
Expand children
Currently no fix is available

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned
Expand children
Expand children

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned
Expand children

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V1.9
affected by CVE-2022-0778

All versions < V1.9
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V3.3
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V2.2.28
affected by CVE-2022-0778

All versions < V3.0.37
affected by CVE-2022-0778

All versions < V2.2.28
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is available

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V21.9.7
affected by CVE-2022-0778

All versions < V18
affected by CVE-2022-0778

All versions < V1.6 Upd6
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.3
affected by CVE-2022-0778
Expand children
Open for details

All versions < V9.1 Update 1
affected by CVE-2022-0778
Update to V9.1 Update 1 or later version

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V9.1 SP2 UC04
affected by CVE-2022-0778
Update to V9.1 SP2 UC04 or later version
For the unfixed component in this version (OpenPCS 7): Restrict access to the OPC UA interface of OpenPCS 7 to trusted systems

All versions < V4.0
affected by CVE-2022-0778

All versions < V9.2 SP2
affected by CVE-2022-0778

All versions < V2020 SP1 Update 1
affected by CVE-2022-0778
Update to V2020 SP1 Update 1 or later version
Expand children
Expand children

All versions < V2.0.1
affected by CVE-2022-0778

All versions < V4.6.0
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V21.9.7
affected by CVE-2022-0778

All versions < V5.0
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is available

All versions < V5.7 HF4
affected by CVE-2022-0778

All versions < V17 Update 5
affected by CVE-2022-0778
Update to V17 Update 5 or later version

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V7.4 SP1 Update 22
affected by CVE-2022-0778
Update to V7.4 SP1 Update 22 or later version

All versions < V7.5 SP2 Update 16
affected by CVE-2022-0778
Update to V7.5 SP2 Update 16 or later version

All versions >= V5.1 < V5.5.1
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V1.0 SP2
affected by CVE-2022-0778

All versions < V1.0 SP3
affected by CVE-2022-0778

All versions < V3.1
affected by CVE-2022-0778

All versions < V2.2.28
affected by CVE-2022-0778

All versions < V2.2.28
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V3.3
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.0.37
affected by CVE-2022-0778

All versions < V5.5.2
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions < V3.4.29
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions
affected by CVE-2022-0778
Currently no fix is planned

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V2.9.7
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V3.0.1
affected by CVE-2022-0778

All versions < V2.4.8
affected by CVE-2022-0778

All versions < V3.1.1
affected by CVE-2022-0778

All versions < V1.0 SP8
affected by CVE-2022-0778

All versions < V2.4.8
affected by CVE-2022-0778
Expand children
Open for details

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

https://www.siemens.com/cert/advisories
V1.0 (2022-06-14): Publication Date
V1.1 (2022-07-12): Added SCALANCE X-200, X-200 IRT, X-300, XM-400, XR-500, XR-300WG, XB-200, XC-200, XF-200, XP-200 product families and Security Configuration Tool (SCT) as affected; added fix for RUGGEDCOM ROX devices and SIMATIC MV500 devices; no fix planned for SIMATIC NET PC Software, SIMATIC CP 343-1 Advanced and SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)
V1.2 (2022-08-09): Added fix for Industrial Edge - OPC UA Connector, SIMATIC Cloud Connect 7 gateways, SIMATIC Logon, SIMATIC PDM, SIMATIC STEP 7 V5.X and TeleControl Server Basic; added SCALANCE W1750D as affected; clarified that Industrial Edge - PROFINET IO Connector is not affected
V1.3 (2022-09-13): Added fix for RUGGEDCOM CROSSBOW Station Access Controller (SAC), SCALANCE XM-400 and XR-500 product families, and SINEC INS
V1.4 (2022-10-11): Added fix for SIMATIC WinCC Unified, TIA Portal V17, and SINEC NMS; added SCALANCE W-700 and W-1700 product families as affected; corrected several product names in the SCALANCE XB and XP product families
V1.5 (2022-12-13): Added SIMATIC Process Historian and SIMATIC HMI Unified Comfort Panels; added fix for SIMATIC PCS neo, SIMATIC Drive Controller family, SIMATIC S7-PLCSIM Advanced, SIMATIC S7-1500 and S7-1200 CPU families, and TIA Administrator; no fix planned for TIA Portal V16
V1.6 (2023-01-10): Added fix for SCALANCE W-700 IEEE 802.11ax product family
V1.7 (2023-02-14): Added fix for SCALANCE W1750D product family
V1.8 (2023-03-14): Added fix for SIMATIC CP 1542SP-1 and SIMATIC CP 1543SP-1, RUGGEDCOM RM1224 family, SCALANCE M-800 family, SCALANCE MUM-800 family, SCALANCE S615. Added missing affected products SCALANCE M876-4 (6GK5876-4AA10-2BA2) and SCALANCE S615 EEC (6GK5615-0AA01- 2AA2)
V1.9 (2023-04-11): Added fix for SCALANCE X-200IRT family, SIMATIC CP 443-1 Advanced, TIM 1531 IRC, SCALANCE XB-200, XC-200, XP-200, XF-200BA, XR-300WG family, and for SIMATIC WinCC
V2.0 (2023-05-09): Added fix for SIMATIC S7-1500 Software Controller; fix planned for SIMATIC NET PC Software V17
V2.1 (2023-06-13): Added fix for SIMOTION; clarified that no fix is planned for V8.2, V9.0, V9.1 of OpenPCS 7 and for V8.2, V9.0 of SIMATIC PCS 7; added fix and mitigation information for SIMATIC PCS 7 V9.1
V2.2 (2023-07-11): Expanded SIMATIC S7-1500 CPU family to individual products/MLFBs and added additional fix for V2 firmware version line; Fix for SIMATIC Drive Controller available already with V2.9.7
V2.3 (2023-09-12): Clarified SIMATIC S7-1500 Software Controller versions and adjusted fix for SIMATIC S7-1500 Software Controller V2; Clarified SIMATIC ET 200SP Open Controller versions and added fix for SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
V2.4 (2023-10-10): Added fix for SIMATIC CP 1242-7 V2 family, SIMATIC CP 1243-1 family, SIMATIC CP 1243-7 LTE family, SIMATIC CP 1243-8 IRC and for SIMATIC NET PC Software V17
V2.5 (2024-01-09): Added fix for SIMATIC PCS 7 TeleControl; Clarified that no fix is planned for SINAUT Software ST7sc and SINAUT ST7CC
V2.6 (2024-04-09): Added fix for SIMATIC CP 1543-1 (incl. SIPLUS variants); Updated fix for TIM 1531 IRC (incl. SIPLUS NET variants)
V2.7 (2024-05-14): Expanded SIMATIC WinCC family to individual version lines; SIMATIC PCS 7 V9.1: clarified that V9.1 SP2 UC04 fixes the issue in SIMATIC WinCC
V2.8 (2024-07-09): Added fix for SCALANCE X-300 family (incl. X408 and SIPLUS NET variants)