Publication Date: | 2021-11-09 |
Last Update: | 2022-05-10 |
Current Version: | V1.4 |
CVSS v3.1 Base Score: | 9.9 |
Affected Product and Versions | Remediation |
---|---|
OpenPCS 7 V8.2: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V8.2. See further recommendations from section Workarounds and Mitigations. |
OpenPCS 7 V9.0: All versions < V9.0 Upd4; only affected by CVE-2021-40359 | Update to V9.0 Upd4 or later version; V9.0 Upd4 is bundled in PCS 7 V9.0 SP3 UC04. https://support.industry.siemens.com/cs/ww/en/view/109780528/ See further recommendations from section Workarounds and Mitigations. |
OpenPCS 7 V9.1: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V9.1. See further recommendations from section Workarounds and Mitigations. |
SIMATIC BATCH V8.2: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V8.2. See further recommendations from section Workarounds and Mitigations. |
SIMATIC BATCH V9.0: All versions; only affected by CVE-2021-40359 | Currently no fix is available. See recommendations from section Workarounds and Mitigations. |
SIMATIC BATCH V9.1: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V9.1. See further recommendations from section Workarounds and Mitigations. |
SIMATIC NET PC Software V14: All versions; only affected by CVE-2021-40359 | Currently no fix is available. See recommendations from section Workarounds and Mitigations. |
SIMATIC NET PC Software V15: All versions; only affected by CVE-2021-40359 | Currently no fix is planned. See recommendations from section Workarounds and Mitigations. |
SIMATIC NET PC Software V16: All versions; only affected by CVE-2021-40359 | Currently no fix is available. See recommendations from section Workarounds and Mitigations. |
SIMATIC NET PC Software V17: All versions < V17 SP1; only affected by CVE-2021-40359 | Update to V17 SP1 or later version. https://support.industry.siemens.com/cs/ww/de/view/109808270/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC PCS 7 V8.2: All versions | Install SIMATIC WinCC V7.4 SP1 Update 19 or later version. https://support.industry.siemens.com/cs/ww/en/view/109806846/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC PCS 7 V9.0: All versions < V9.0 SP3 UC04 | Update to V9.0 SP3 UC04 or later version to fix CVE-2021-40358 and CVE-2021-40364. To fix CVE-2021-40359 see chapter “Additional Information”. https://support.industry.siemens.com/cs/ww/en/view/109780528/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC PCS 7 V9.1: All versions < V9.1 SP1 | Update to V9.1 SP1 or later version. https://support.industry.siemens.com/cs/ww/en/view/109805073/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC Route Control V8.2: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V8.2. See further recommendations from section Workarounds and Mitigations. |
SIMATIC Route Control V9.0: All versions; only affected by CVE-2021-40359 | Currently no fix is available. See recommendations from section Workarounds and Mitigations. |
SIMATIC Route Control V9.1: All versions; only affected by CVE-2021-40359 | See remediation for SIMATIC PCS 7 V9.1. See further recommendations from section Workarounds and Mitigations. |
SIMATIC WinCC V7.4: All versions < V7.4 SP1 Update 19 | Update to V7.4 SP1 Update 19 or later version. https://support.industry.siemens.com/cs/ww/en/view/109806846/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC WinCC V7.5: All versions < V7.5 SP2 Update 5 | Update to V7.5 SP2 Update 5 or later version. https://support.industry.siemens.com/cs/ww/en/view/109793460/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC WinCC V15 and earlier: All versions < V15 SP1 Update 7 | Update to V15 SP1 Update 7 or later version. https://support.industry.siemens.com/cs/us/en/view/109763890/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC WinCC V16: All versions < V16 Update 5 | Update to V16 Update 5 or later version. https://support.industry.siemens.com/cs/ww/en/view/109776017/ See further recommendations from section Workarounds and Mitigations. |
SIMATIC WinCC V17: All versions < V17 Update 2 | Update to V17 Update 2 or later version. https://support.industry.siemens.com/cs/ww/en/view/109784441/ See further recommendations from section Workarounds and Mitigations. |
CVSS v3.1 Base Score | 9.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE: | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVSS v3.1 Base Score | 7.7 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE: | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE: | CWE-532: Insertion of Sensitive Information into Log File |