Publication Date: 2021-11-09
Last Update: 2022-05-10
Current Version: V1.4
CVSS v3.1 Base Score: 9.9

Affected Product and Versions / Remediation

OpenPCS 7 V8.2:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V8.2
    See further recommendations from section Workarounds and Mitigations

OpenPCS 7 V9.0:
  Affected versions: All versions < V9.0 Upd4 (only affected by CVE-2021-40359)
  Remediation:
    Update to V9.0 Upd4 or later version; V9.0 Upd4 is bundled in PCS 7 V9.0 SP3 UC04
    https://support.industry.siemens.com/cs/ww/en/view/109780528/
    See further recommendations from section Workarounds and Mitigations

OpenPCS 7 V9.1:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V9.1
    See further recommendations from section Workarounds and Mitigations

SIMATIC BATCH V8.2:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V8.2
    See further recommendations from section Workarounds and Mitigations

SIMATIC BATCH V9.0:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    Currently no fix is available
    See recommendations from section Workarounds and Mitigations

SIMATIC BATCH V9.1:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V9.1
    See further recommendations from section Workarounds and Mitigations

SIMATIC NET PC Software V14:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    Currently no fix is available
    See recommendations from section Workarounds and Mitigations

SIMATIC NET PC Software V15:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    Currently no fix is planned
    See recommendations from section Workarounds and Mitigations

SIMATIC NET PC Software V16:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    Currently no fix is available
    See recommendations from section Workarounds and Mitigations

SIMATIC NET PC Software V17:
  Affected versions: All versions < V17 SP1 (only affected by CVE-2021-40359)
  Remediation:
    Update to V17 SP1 or later version
    https://support.industry.siemens.com/cs/ww/de/view/109808270/
    See further recommendations from section Workarounds and Mitigations

SIMATIC PCS 7 V8.2:
  Affected versions: All versions
  Remediation:
    Install SIMATIC WinCC V7.4 SP1 Update 19 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109806846/
    See further recommendations from section Workarounds and Mitigations

SIMATIC PCS 7 V9.0:
  Affected versions: All versions < V9.0 SP3 UC04
  Remediation:
    Update to V9.0 SP3 UC04 or later version to fix CVE-2021-40358 and CVE-2021-40364
    To fix CVE-2021-40359 see chapter “Additional Information”
    https://support.industry.siemens.com/cs/ww/en/view/109780528/
    See further recommendations from section Workarounds and Mitigations

SIMATIC PCS 7 V9.1:
  Affected versions: All versions < V9.1 SP1
  Remediation:
    Update to V9.1 SP1 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109805073/
    See further recommendations from section Workarounds and Mitigations

SIMATIC Route Control V8.2:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V8.2
    See further recommendations from section Workarounds and Mitigations

SIMATIC Route Control V9.0:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    Currently no fix is available
    See recommendations from section Workarounds and Mitigations

SIMATIC Route Control V9.1:
  Affected versions: All versions (only affected by CVE-2021-40359)
  Remediation:
    See remediation for SIMATIC PCS 7 V9.1
    See further recommendations from section Workarounds and Mitigations

SIMATIC WinCC V7.4:
  Affected versions: All versions < V7.4 SP1 Update 19
  Remediation:
    Update to V7.4 SP1 Update 19 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109806846/
    See further recommendations from section Workarounds and Mitigations

SIMATIC WinCC V7.5:
  Affected versions: All versions < V7.5 SP2 Update 5
  Remediation:
    Update to V7.5 SP2 Update 5 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109793460/
    See further recommendations from section Workarounds and Mitigations

SIMATIC WinCC V15 and earlier:
  Affected versions: All versions < V15 SP1 Update 7
  Remediation:
    Update to V15 SP1 Update 7 or later version
    https://support.industry.siemens.com/cs/us/en/view/109763890/
    See further recommendations from section Workarounds and Mitigations

SIMATIC WinCC V16:
  Affected versions: All versions < V16 Update 5
  Remediation:
    Update to V16 Update 5 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109776017/
    See further recommendations from section Workarounds and Mitigations

SIMATIC WinCC V17:
  Affected versions: All versions < V17 Update 2
  Remediation:
    Update to V17 Update 2 or later version
    https://support.industry.siemens.com/cs/ww/en/view/109784441/
    See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score: 9.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CVSS v3.1 Base Score: 7.7
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CVSS v3.1 Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-532: Insertion of Sensitive Information into Log File

https://www.siemens.com/cert/advisories