Publication Date: |
|
Last Update: |
|
Current Version: | V1.6 |
CVSS v3.1 Base Score: | 9.8 |
CVSS v4.0 Base Score: | 9.3 |
Affected Product and Versions | Remediation |
---|---|
|
Currently no fix is planned
|
|
Update to V3.0.44 or later version
|
|
Update to V3.1.1 or later version
|
|
Update to V3.2.9 or later version
|
All versions affected by CVE-2015-8214 |
Currently no fix is planned
|
|
Currently no fix is planned
|
|
Update to V2.6 or later version
|
|
Update to V3.1 or later version
|
|
Update to V2.6 or later version
|
|
Update to V3.1 or later version
|
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
CVSS v3.1 Base Score | 9.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 9.3 |
CVSS v4.0 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CWE | CWE-306: Missing Authentication for Critical Function |
For the following products, the impact of the vulnerability is different.
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
V1.0 (2015-11-27): | Publication Date |
V1.1 (2016-01-29): | Added fix information for SIMATIC TIM 3V-IE and TIM 4R-IE modules |
V1.2 (2016-02-01): | Added fix information for SIMATIC CP 443-1 / CP 443-1 Advanced |
V1.3 (2016-04-29): | Added fix information for SIMATIC CP343-1 Lean / CP 343-1 |
V1.4 (2020-02-10): | SIPLUS devices now explicitly mentioned in the list of affected products |
V1.5 (2021-04-13): | Clarified product names and added SIMATIC NET CP PROFIBUS devices |
V1.6 (2025-07-08): | CVE-2015-8214: Added CVSSv4.0 vector; SIMATIC CP 342-5, SIMATIC CP 443-5 Basic, SIMATIC CP 443-5 Extended: Clarified that no fix is planned and added product specific impact description and CVSS vectors; Expanded affected product families to individual products, incl. MLFB IDs |