Publication Date:
Last Update:
Current Version: V1.4
CVSS v3.1 Base Score: 9.8
Affected Product and Versions Remediation

All versions < V1.3.0
affected by all CVEs
CVE-2016-10228
CVE-2019-25013
CVE-2020-1752
CVE-2020-10029
CVE-2020-27618
CVE-2020-29562
CVE-2021-3326
CVE-2021-3998
CVE-2021-3999
CVE-2021-20269
CVE-2021-27645
CVE-2021-28831
CVE-2021-33574
CVE-2021-35942
CVE-2021-38604
CVE-2021-42373
CVE-2021-42374
CVE-2021-42375
CVE-2021-42376
CVE-2021-42377
CVE-2021-42378
CVE-2021-42379
CVE-2021-42380
CVE-2021-42381
CVE-2021-42382
CVE-2021-42383
CVE-2021-42384
CVE-2021-42385
CVE-2021-42386
CVE-2021-44879
CVE-2022-1015
CVE-2022-1882
CVE-2022-2585
CVE-2022-2588
CVE-2022-2905
CVE-2022-3028
CVE-2022-3435
CVE-2022-3586
CVE-2022-4378
CVE-2022-4662
CVE-2022-20421
CVE-2022-20422
CVE-2022-21233
CVE-2022-23218
CVE-2022-23219
CVE-2022-28391
CVE-2022-30065
CVE-2022-39188
CVE-2022-39190
CVE-2022-40307
CVE-2022-41222
CVE-2022-42703
CVE-2023-0179
CVE-2023-0394
CVE-2023-1073
CVE-2023-2898
CVE-2023-3390
CVE-2023-3610
CVE-2023-3611
CVE-2023-3776
CVE-2023-4004
CVE-2023-4015
CVE-2023-4128
CVE-2023-4147
CVE-2023-4273
CVE-2023-4527
CVE-2023-4806
CVE-2023-4911
CVE-2023-5156
CVE-2023-31248
CVE-2023-35001
CVE-2023-45863
Update to V1.3.0 or later version
  • Only build and run applications from trusted sources

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 4.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-193: Off-by-one Error
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-276: Incorrect Default Permissions
CVSS v3.1 Base Score 2.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-755: Improper Handling of Exceptional Conditions
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 4.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-763: Release of Invalid Pointer or Reference
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-455: Non-exit on Failed Initialization
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-401: Missing Release of Memory after Effective Lifetime
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write

https://www.siemens.com/cert/advisories
V1.0 (2023-06-13): Publication Date
V1.1 (2023-09-12): Added CVE-2022-1015, CVE-2023-2898, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-4004, CVE-2023-4015, CVE-2023-4128, CVE-2023-4147, CVE-2023-4273
V1.2 (2023-11-14): Added CVE-2023-4527, CVE-2023-4806, CVE-2023-4911, CVE-2023-5156
V1.3 (2023-12-12): Added CVE-2021-44879, CVE-2023-45863
V1.4 (2024-04-09): Added fix for SIMATIC S7-1500 TM MFP - BIOS