Publication Date: 2021-07-13
Last Update: 2022-06-14
Current Version: V1.2
CVSS v3.1 Base Score: 9.8

Affected Product and Versions / Remediation

SIMATIC CP 1243-1 (incl. SIPLUS variants):
  Affected versions: All versions
  Remediation: Currently no fix is available
  See recommendations from section Workarounds and Mitigations

SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0):
  Affected versions: All versions
  Remediation: Currently no fix is available
  See recommendations from section Workarounds and Mitigations

SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0):
  Affected versions: All versions
  Remediation: Currently no fix is planned
  See recommendations from section Workarounds and Mitigations

SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants):
  Affected versions: All versions
  Remediation: Currently no fix is planned
  See recommendations from section Workarounds and Mitigations

SIMATIC CP 1543-1 (incl. SIPLUS variants):
  Affected versions: All versions < V3.0
  Remediation: Update to V3.0 or later version
  https://support.industry.siemens.com/cs/ww/en/view/109800773
  See further recommendations from section Workarounds and Mitigations

SIMATIC CP 1543SP-1 (incl. SIPLUS variants):
  Affected versions: All versions
  Remediation: Currently no fix is planned
  See recommendations from section Workarounds and Mitigations

SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0):
  Affected versions: All versions < V1.1
  Remediation: Update to V1.1 or later version
  https://support.industry.siemens.com/cs/ww/en/view/109811116/
  See further recommendations from section Workarounds and Mitigations

SIMATIC HMI Unified Comfort Panels:
  Affected versions: All versions < V17
  Remediation: Update to V17 or later version
  https://support.industry.siemens.com/cs/ww/en/view/109746530
  See further recommendations from section Workarounds and Mitigations

SINUMERIK ONE MCP:
  Affected versions: All versions < V2.0.1
  Remediation: Update to V2.0.1 or later version
  Please contact your Siemens representative for information on how to obtain the update.
  See further recommendations from section Workarounds and Mitigations

TIM 1531 IRC (incl. SIPLUS NET variants):
  Affected versions: All versions < V2.2
  Remediation: Update to V2.2 or later version
  https://support.industry.siemens.com/cs/ww/en/view/109798331
  See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
CWE: CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CVSS v3.1 Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:T/RC:C
CWE: CWE-400: Uncontrolled Resource Consumption

https://www.siemens.com/cert/advisories