Publication Date: 2022-05-10
Last Update: 2022-06-14
Current Version: V1.1
CVSS v3.1 Base Score: 8.1

Affected Product and Versions | Remediation
LOGO! CMR family:
All versions
only affected by CVE-2021-22924
Currently no fix is available
• For CVE-2021-22924: Use the certificate projection feature to pin the valid certificates of the external servers that provide the E-mail and DynDNS services to the affected devices. For the procedure, see the “Ca Certificate” sections in the “E-Mail” and “DynDNS” chapters of the manual.
RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M804PB (6GK5804-0AP00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M874-2 (6GK5874-2AA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M874-3 (6GK5874-3AA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SCALANCE S615 (6GK5615-0AA00-2AA2):
All versions < V7.1
only affected by CVE-2021-22924
Update to V7.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109807276
SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0):
All versions < V3.0.22
Update to V3.0.22 or later version
https://support.industry.siemens.com/cs/ww/en/view/109808678
SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0):
All versions < V1.1
Update to V1.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109811116/
SIMATIC RTU3010C (6NH3112-0BA00-0XX0):
All versions < V5.0.14
only affected by CVE-2021-22924
Update to V5.0.14 or later version
https://support.industry.siemens.com/cs/ww/en/view/109810215/
SIMATIC RTU3030C (6NH3112-3BA00-0XX0):
All versions < V5.0.14
only affected by CVE-2021-22924
Update to V5.0.14 or later version
https://support.industry.siemens.com/cs/ww/en/view/109810215/
SIMATIC RTU3031C (6NH3112-3BB00-0XX0):
All versions < V5.0.14
only affected by CVE-2021-22924
Update to V5.0.14 or later version
https://support.industry.siemens.com/cs/ww/en/view/109810215/
SIMATIC RTU3041C (6NH3112-4BB00-0XX0):
All versions < V5.0.14
only affected by CVE-2021-22924
Update to V5.0.14 or later version
https://support.industry.siemens.com/cs/ww/en/view/109810215/
SINEMA Remote Connect Client:
All versions < V3.1
only affected by CVE-2021-22924
Update to V3.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109811169/
SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0):
All versions < V3.0.22
Update to V3.0.22 or later version
https://support.industry.siemens.com/cs/ww/en/view/109808678

CVSS v3.1 Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-416: Use After Free

CVSS v3.1 Base Score: 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-706: Use of Incorrectly-Resolved Name or Reference

https://www.siemens.com/cert/advisories