Publication Date:
Last Update:
Current Version: V1.6
CVSS v3.1 Base Score: 9.8
CVSS v4.0 Base Score: 9.3
Un-/Collapse All
Affected Product and Versions Remediation
Expand children
Currently no fix is planned
Expand children
Expand children
Expand children

All versions
affected by CVE-2015-8214
Currently no fix is planned
Expand children
Currently no fix is planned
Expand children
Expand children
Expand children
Expand children

Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 9.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-306: Missing Authentication for Critical Function

For the following products, the impact of the vulnerability is different.


CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

  • Artem Zinenko from Kaspersky for pointing out that SIPLUS should also be mentioned
  • Industrial Control System Cyber Emergency Response Team (ICS-CERT) for coordination efforts
  • Lei ChengLin (Z-0ne) from Fengtai Technologies' Security Research Team for coordinated disclosure

https://www.siemens.com/cert/advisories
V1.0 (2015-11-27): Publication Date
V1.1 (2016-01-29): Added fix information for SIMATIC TIM 3V-IE and TIM 4R-IE modules
V1.2 (2016-02-01): Added fix information for SIMATIC CP 443-1 / CP 443-1 Advanced
V1.3 (2016-04-29): Added fix information for SIMATIC CP343-1 Lean / CP 343-1
V1.4 (2020-02-10): SIPLUS devices now explicitly mentioned in the list of affected products
V1.5 (2021-04-13): Clarified product names and added SIMATIC NET CP PROFIBUS devices
V1.6 (2025-07-08): CVE-2015-8214: Added CVSSv4.0 vector; SIMATIC CP 342-5, SIMATIC CP 443-5 Basic, SIMATIC CP 443-5 Extended: Clarified that no fix is planned and added product specific impact description and CVSS vectors; Expanded affected product families to individual products, incl. MLFB IDs