Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the different firmware versions for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).
These GNU/Linux vulnerabilities have been externally identified and Siemens is working on an update for the latest firmware version, and recommends the following mitigations:
Note: The list of vulnerabilities for firmware versions below V2.9.4 are no longer maintained.
The following vulnerabilities affect the current version V2.9.4.
Relevant during runtime:
The following vulnerabilities affect version V2.9.3 and might also affect previous versions of the firmware.
Note: As of February 2022, this list is no longer maintained.
The following vulnerabilities affect version V2.8.4 and might also affect previous versions of the firmware.
Note: As of September 2021, this list is no longer maintained.
Relevant during buildtime:
The following vulnerabilities affect version V2.6.1 and might also affect previous versions of the firmware.
Note: As of April 2021, this list is no longer maintained.
The following vulnerabilities have been fixed by V2.6.1 and affect only previous versions of the firmware.
The following vulnerabilities have been fixed by V2.6.0 and affect only previous versions of the firmware.
Siemens thanks the following parties for their efforts: