Publication Date: 2021-12-16
Last Update: 2022-02-08
Current Version: V1.1
CVSS v3.1 Base Score: 10.0

Affected Product and Versions Remediation
SPPA-T3000 SeS3000 Security Server (6DU7054-0..00-..A0):
All versions
Currently no remediation is available

Specific mitigations and how to apply are described in the SE Controls Security Announcement Incident 2021-01, available in the customer portal.

https://cep.siemens-energy.com/cep/
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 10.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

CVSS v3.1 Base Score 9.0
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

https://www.siemens.com/cert/advisories