Publication Date: 2022-02-08
Last Update: 2022-05-10
Current Version: V1.2
CVSS v3.1 Base Score: 6.3

| Affected Product and Versions | Remediation |
|---|---|
| SIMATIC PCS 7 V8.2: All versions | Install SIMATIC WinCC V7.4 SP1 Update 19 or later version https://support.industry.siemens.com/cs/ww/en/view/109806846/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC PCS 7 V9.0: All versions | Update to V9.0 SP3 UpdateCollection04 or later version https://support.industry.siemens.com/cs/ww/en/view/109780528/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC PCS 7 V9.1: All versions < V9.1 SP1 | Update to V9.1 SP1 or later version https://support.industry.siemens.com/cs/ww/en/view/109805073/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V7.4: All versions < V7.4 SP1 Update 19 | Update to V7.4 SP1 Update 19 or later version https://support.industry.siemens.com/cs/ww/en/view/109806846/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V7.5: All versions < V7.5 SP2 Update 6 | Update to V7.5 SP2 Update 6 or later version https://support.industry.siemens.com/cs/ww/en/view/109793460/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V15 and earlier: All versions < V15 SP1 Update 7 | Update to V15 SP1 Update 7 or later version https://support.industry.siemens.com/cs/us/en/view/109763890/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V16: All versions < V16 Update 5 | Update to V16 Update 5 or later version https://support.industry.siemens.com/cs/ww/en/view/109776017/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V17: All versions < V17 Update 2 | Update to V17 Update 2 or later version https://support.industry.siemens.com/cs/ww/en/view/109784441/ See further recommendations from section Workarounds and Mitigations |
| SIMATIC WinCC V17: All versions >= V17 Update 2, only affected by CVE-2021-40363 | Currently no fix is available. See recommendations from section Workarounds and Mitigations |

CVSS v3.1 Base Score 6.3
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS v3.1 Base Score 5.5
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

https://www.siemens.com/cert/advisories