Publication Date: 2020-02-11
Last Update: 2022-06-14
Current Version: V1.7
CVSS v3.1 Base Score: 7.5

Affected Product and Versions Remediation
IE/PB LINK PN IO (incl. SIPLUS NET variants):
All versions < V4.0.1
Update to V4.0.1 or later version
https://support.industry.siemens.com/cs/ww/en/view/109780330/
See further recommendations from section Workarounds and Mitigations
SCALANCE S602:
All versions < V4.1
Update to V4.1
Update is only available via Siemens Support contact

Upgrade hardware to successor product from SCALANCE SC-600 family (https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations
See further recommendations from section Workarounds and Mitigations
SCALANCE S612:
All versions < V4.1
Update to V4.1
Update is only available via Siemens Support contact

Upgrade hardware to successor product from SCALANCE SC-600 family (https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations
See further recommendations from section Workarounds and Mitigations
SCALANCE S623:
All versions < V4.1
Update to V4.1
Update is only available via Siemens Support contact

Upgrade hardware to successor product from SCALANCE SC-600 family (https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations
See further recommendations from section Workarounds and Mitigations
SCALANCE S627-2M:
All versions < V4.1
Update to V4.1
Update is only available via Siemens Support Contact

Upgrade hardware to successor product from SCALANCE SC-600 family (https://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations
See further recommendations from section Workarounds and Mitigations
SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0):
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC CP 443-1 (6GK7443-1EX30-0XE0):
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0):
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0):
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIMATIC CP 1623 (6GK1162-3AA00):
All versions < V14.00.15.00_51.25.00.01
The updated firmware is contained in SIMATIC NET PC Software V14 Update 14 or later version or SIMATIC NET PC Software V16 or later version
https://support.industry.siemens.com/cs/ww/en/view/109775589/
See further recommendations from section Workarounds and Mitigations
SIMATIC CP 1626 (6GK1162-6AA01):
All versions < V1.1.1
Update to V1.1.1 or later version
https://support.industry.siemens.com/cs/us/en/view/109792924/
See further recommendations from section Workarounds and Mitigations
SIMATIC CP 1628 (6GK1162-8AA00):
All versions < V14.00.15.00_51.25.00.01
Update to SIMATIC NET PC Software V16 or later version
https://support.industry.siemens.com/cs/ww/en/view/109775589/
See further recommendations from section Workarounds and Mitigations
SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0):
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0):
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations
SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0):
All versions
Currently no fix is planned
See recommendations from section Workarounds and Mitigations
SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0):
All versions < V2.0
Update to V2.0 or later version
https://support.industry.siemens.com/cs/ww/en/view/109774204/
See further recommendations from section Workarounds and Mitigations
TIM 1531 IRC (6GK7543-1MX00-0XE0):
All versions < V2.0
Update to V2.0 or later version
https://support.industry.siemens.com/cs/ww/en/view/109774204/
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-476: NULL Pointer Dereference

https://www.siemens.com/cert/advisories