Author: Admin @CloudCentric

Siemens Multiple Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: INDUSTRIAL EDGE, OpenPCS, RUGGEDCOM, SCALANCE, SIMATIC, SIMOTION, SINAUT, SINEC, SIPLUS, TIA
  • Vulnerability: Loop with Unreachable Exit Condition (‘Infinite Loop’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Industrial Edge – OPC UA Connector: All versions prior to V1.7
  • Siemens RUGGEDCOM ROX MX5000RE: All versions prior to V2.15.1
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0): All versions
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0): All versions
  • Siemens SCALANCE WAM763-1 (6GK5763-1AL00-7DA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 (6GK5766-1GE00-7DA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0): All versions prior to V2.0
  • Siemens SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0): All versions prior to V2.0
  • Siemens SCALANCE WUM763-1 (6GK5763-1AL00-3AA0): All versions prior to V2.0
  • Siemens SCALANCE WUM763-1 (6GK5763-1AL00-3DA0): All versions prior to V2.0
  • Siemens SCALANCE WUM766-1 (6GK5766-1GE00-3DA0): All versions prior to V2.0
  • Siemens RUGGEDCOM ROX RX1400: All versions prior to V2.15.1
  • Siemens SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0): All versions prior to V2.0
  • Siemens SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X204-2 (6GK5204-2BB10-2AA3): All versions
  • Siemens SCALANCE X204-2FM (6GK5204-2BB11-2AA3): All versions
  • Siemens RUGGEDCOM ROX RX1500: All versions prior to V2.15.1
  • Siemens SCALANCE X204-2LD (6GK5204-2BC10-2AA3): All versions
  • Siemens SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2): All versions
  • Siemens SCALANCE X204-2TS (6GK5204-2BB10-2CA2): All versions
  • Siemens SCALANCE X204IRT (6GK5204-0BA00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X204IRT (6GK5204-0BA10-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X206-1 (6GK5206-1BB10-2AA3): All versions
  • Siemens SCALANCE X206-1LD (6GK5206-1BC10-2AA3): All versions
  • Siemens SCALANCE X208 (6GK5208-0BA10-2AA3): All versions
  • Siemens SCALANCE X208PRO (6GK5208-0HA10-2AA6): All versions
  • Siemens RUGGEDCOM ROX RX1501: All versions prior to V2.15.1
  • Siemens SCALANCE X212-2 (6GK5212-2BB00-2AA3): All versions
  • Siemens SCALANCE X212-2LD (6GK5212-2BC00-2AA3): All versions
  • Siemens SCALANCE X216 (6GK5216-0BA00-2AA3): All versions
  • Siemens SCALANCE X224 (6GK5224-0BA00-2AA3): All versions
  • Siemens SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3): All versions prior to V4.1.7
  • Siemens RUGGEDCOM ROX RX1510: All versions prior to V2.15.1
  • Siemens SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X304-2FE (6GK5304-2BD00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3): All versions prior to V4.1.7
  • Siemens RUGGEDCOM ROX RX1511: All versions prior to V2.15.1
  • Siemens SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-3 (6GK5307-3BL00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-3 (6GK5307-3BL10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-3LD (6GK5307-3BM00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X307-3LD (6GK5307-3BM10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2 (6GK5308-2FL00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2 RD (incl. SIPLUS variants): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2LD (6GK5308-2FM00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2LD (6GK5308-2FM10-2AA3): All versions prior to V4.1.7
  • Siemens RUGGEDCOM ROX RX1512: All versions prior to V2.15.1
  • Siemens SCALANCE X308-2LH (6GK5308-2FN00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2LH (6GK5308-2FN10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M (6GK5308-2GG00-2AA2): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M (6GK5308-2GG10-2AA2): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M TS (6GK5308-2GG00-2CA2): All versions prior to V4.1.7
  • Siemens SCALANCE X308-2M TS (6GK5308-2GG10-2CA2): All versions prior to V4.1.7
  • Siemens RUGGEDCOM ROX RX1524: All versions prior to V2.15.1
  • Siemens SCALANCE X310 (6GK5310-0FA00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X310 (6GK5310-0FA10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X310FE (6GK5310-0BA00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X310FE (6GK5310-0BA10-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X320-1 FE (6GK5320-1BD00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3): All versions prior to V4.1.7
  • Siemens SCALANCE X408-2 (6GK5408-2FD00-2AA2): All versions prior to V4.1.7
  • Siemens SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BD00-2TB2): All versions prior to V4.4
  • Siemens RUGGEDCOM ROX RX1536: All versions prior to V2.15.1
  • Siemens SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB205-3LD (SC, E/IP) (6GK5205-3BF00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB205-3LD (SC, PN) (6GK5205-3BF00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB208 (E/IP) (6GK5208-0BA00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB208 (PN) (6GK5208-0BA00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB213-3 (SC, E/IP) (6GK5213-3BD00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB213-3 (SC, PN) (6GK5213-3BD00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB213-3 (ST, E/IP) (6GK5213-3BB00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB213-3LD (SC, E/IP) (6GK5213-3BF00-2TB2): All versions prior to V4.4
  • Siemens RUGGEDCOM ROX RX5000: All versions prior to V2.15.1
  • Siemens SCALANCE XB213-3LD (SC, PN) (6GK5213-3BF00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XB216 (E/IP) (6GK5216-0BA00-2TB2): All versions prior to V4.4
  • Siemens SCALANCE XB216 (PN) (6GK5216-0BA00-2AB2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2 (SC) (6GK5206-2BD00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2 (ST/BFOC) (6GK5206-2BB00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2G PoE (6GK5206-2RS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2G PoE EEC (54 V DC) (6GK5206-2RS00-5FC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2SFP (6GK5206-2BS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2SFP EEC (6GK5206-2BS00-2FC2): All versions prior to V4.4
  • Siemens Industrial Edge – SIMATIC S7 Connector App: All versions prior to V1.7
  • Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2): All versions prior to V2.0
  • Siemens SCALANCE XC206-2SFP G (6GK5206-2GS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2SFP G (EIP DEF.) (6GK5206-2GS00-2TC2): All versions prior to V4.4
  • Siemens SCALANCE XC206-2SFP G EEC (6GK5206-2GS00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XC208 (6GK5208-0BA00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC208EEC (6GK5208-0BA00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XC208G (6GK5208-0GA00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC208G (EIP def.) (6GK5208-0GA00-2TC2): All versions prior to V4.4
  • Siemens SCALANCE XC208G EEC (6GK5208-0GA00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XC208G PoE (6GK5208-0RA00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC208G PoE (54 V DC) (6GK5208-0RA00-5AC2): All versions prior to V4.4
  • Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XC216 (6GK5216-0BA00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-3G PoE (6GK5216-3RS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-4C (6GK5216-4BS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-4C G (6GK5216-4GS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-4C G (EIP Def.) (6GK5216-4GS00-2TC2): All versions prior to V4.4
  • Siemens SCALANCE XC216-4C G EEC (6GK5216-4GS00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XC216EEC (6GK5216-0BA00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XC224 (6GK5224-0BA00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE XC224-4C G (6GK5224-4GS00-2AC2): All versions prior to V4.4
  • Siemens SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XC224-4C G (EIP Def.) (6GK5224-4GS00-2TC2): All versions prior to V4.4
  • Siemens SCALANCE XC224-4C G EEC (6GK5224-4GS00-2FC2): All versions prior to V4.4
  • Siemens SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF204 (6GK5204-0BA00-2AF2): All versions
  • Siemens SCALANCE XF204 (6GK5204-0BA00-2GF2): All versions prior to V4.4
  • Siemens SCALANCE XF204 DNA (6GK5204-0BA00-2YF2): All versions prior to V4.4
  • Siemens SCALANCE XF204-2 (6GK5204-2BC00-2AF2): All versions
  • Siemens SCALANCE XF204-2BA (6GK5204-2AA00-2GF2): All versions prior to V4.4
  • Siemens SCALANCE XF204-2BA DNA (6GK5204-2AA00-2YF2): All versions prior to V4.4
  • Siemens SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF204IRT (6GK5204-0BA00-2BF2): All versions prior to V5.5.2
  • Siemens SCALANCE XF206-1 (6GK5206-1BC00-2AF2): All versions
  • Siemens SCALANCE XF208 (6GK5208-0BA00-2AF2): All versions
  • Siemens SCALANCE XM408-4C (6GK5408-4GP00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE XM408-8C (6GK5408-8GS00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE XM416-4C (6GK5416-4GS00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2): All versions prior to V6.5
  • Siemens SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XP208 (6GK5208-0HA00-2AS6): All versions prior to V4.4
  • Siemens SCALANCE XP208 (Ethernet/IP) (6GK5208-0HA00-2TS6): All versions prior to V4.4
  • Siemens SCALANCE XP208EEC (6GK5208-0HA00-2ES6): All versions prior to V4.4
  • Siemens SCALANCE XP208PoE EEC (6GK5208-0UA00-5ES6): All versions prior to V4.4
  • Siemens SCALANCE XP216 (6GK5216-0HA00-2AS6): All versions prior to V4.4
  • Siemens SCALANCE XP216 (Ethernet/IP) (6GK5216-0HA00-2TS6): All versions prior to V4.4
  • Siemens SCALANCE XP216EEC (6GK5216-0HA00-2ES6): All versions prior to V4.4
  • Siemens SCALANCE XP216POE EEC (6GK5216-0UA00-5ES6): All versions prior to V4.4
  • Siemens SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2): All versions prior to V4.1.7
  • Siemens SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2): All versions prior to V4.1.7
  • Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to V7.2
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2): All versions prior to V4.1.7
  • Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2): All versions prior to V4.1.7
  • Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to V7.2
  • Siemens SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2): All versions prior to V4.1.7
  • Siemens SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3): All versions prior to V4.4
  • Siemens SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3): All versions prior to V4.4
  • Siemens SCALANCE XR326-2C PoE WG (6GK5326-2QS00-3AR3): All versions prior to V4.4
  • Siemens SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3): All versions prior to V4.4
  • Siemens SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3): All versions prior to V4.4
  • Siemens SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (6GK5328-4FS00-2RR3): All versions prior to V4.4
  • Siemens SCALANCE M876-3 (6GK5876-3AA02-2BA2): All versions prior to V7.2
  • Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3AR3): All versions prior to V4.4
  • Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3RR3): All versions prior to V4.4
  • Siemens SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3): All versions prior to V4.4
  • Siemens SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3): All versions prior to V4.4
  • Siemens SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2): All versions prior to V6.5
  • Siemens SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2): All versions prior to V6.5
  • Siemens SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2): All versions prior to V6.5
  • Siemens SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2): All versions prior to V6.5
  • Siemens OpenPCS 7 V8.2: All versions
  • Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to V7.2
  • Siemens SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2): All versions prior to V6.5
  • Siemens SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2): All versions prior to V6.5
  • Siemens SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2): All versions prior to V6.5
  • Siemens SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2): All versions prior to V6.5
  • Siemens SCALANCE XR528-6M (6GK5528-0AA00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2): All versions prior to V6.5
  • Siemens SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2): All versions prior to V6.5
  • Siemens SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE M876-4 (6GK5876-4AA10-2BA2): All versions prior to V7.2
  • Siemens SCALANCE XR552-12M (6GK5552-0AA00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2): All versions prior to V6.5
  • Siemens SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2): All versions prior to V6.5
  • Siemens SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2): All versions prior to V6.5
  • Siemens Security Configuration Tool (SCT): All versions
  • Siemens SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions prior to V1.9
  • Siemens SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All versions prior to V1.9
  • Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions prior to V3.4.29
  • Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions prior to V3.4.29
  • Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0): All versions prior to V3.4.29
  • Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions prior to V7.2
  • Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0): All versions prior to V3.4.29
  • Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0): All versions prior to V3.4.29
  • Siemens SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): All versions prior to V2.2.28
  • Siemens SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): All versions prior to V3.0.37
  • Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): All versions prior to V2.2.28
  • Siemens SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): All versions prior to V1.1.80
  • Siemens SIMATIC CP 1626 (6GK1162-6AA01): All versions
  • Siemens SIMATIC CP 1628 (6GK1162-8AA00): All versions
  • Siemens SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0): All versions
  • Siemens SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0): All versions prior to V3.3.11
  • Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): All versions prior to V7.2
  • Siemens SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0): All versions
  • Siemens SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0): All versions
  • Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0): All versions
  • Siemens SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0): All versions
  • Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0): All versions
  • Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1): All versions prior to V7.2
  • Siemens SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to V21.9.7
  • Siemens SIMATIC HMI Unified Comfort Panels family: All versions prior to V18
  • Siemens SIMATIC Logon V1.6: All versions prior to V1.6 Upd6
  • Siemens SIMATIC MV540 H (6GF3540-0GE10): All versions prior to V3.3
  • Siemens SIMATIC MV540 S (6GF3540-0CD10): All versions prior to V3.3
  • Siemens SIMATIC MV550 H (6GF3550-0GE10): All versions prior to V3.3
  • Siemens SIMATIC MV550 S (6GF3550-0CD10): All versions prior to V3.3
  • Siemens SIMATIC MV560 U (6GF3560-0LE10): All versions prior to V3.3
  • Siemens SIMATIC MV560 X (6GF3560-0HE10): All versions prior to V3.3
  • Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1): All versions prior to V7.2
  • Siemens SIMATIC NET PC Software V14: All versions
  • Siemens SIMATIC NET PC Software V15: All versions
  • Siemens SIMATIC NET PC Software V16: All versions prior to V16 Update 6
  • Siemens SIMATIC NET PC Software V17: All versions prior to V17 SP1 Update 1
  • Siemens SIMATIC PCS 7 TeleControl: All versions prior to V9.1 Update 1
  • Siemens SIMATIC PCS 7 V8.2: All versions
  • Siemens SIMATIC PCS 7 V9.0: All versions
  • Siemens SIMATIC PCS 7 V9.1: All versions prior to V9.1 SP2 UC04
  • Siemens SIMATIC PCS neo (Administration Console): All versions prior to V4.0
  • Siemens SIMATIC PDM: All versions prior to V9.2 SP2
  • Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1): All versions prior to V7.2
  • Siemens SIMATIC Process Historian OPC UA Server: All versions prior to V2020 SP1 Update 1
  • Siemens SIMATIC RF166C (6GT2002-0EE20): All versions prior to V2.0.1
  • Siemens SIMATIC RF185C (6GT2002-0JE10): All versions prior to V2.0.1
  • Siemens SIMATIC RF186C (6GT2002-0JE20): All versions prior to V2.0.1
  • Siemens SIMATIC RF186CI (6GT2002-0JE50): All versions prior to V2.0.1
  • Siemens SIMATIC RF188C (6GT2002-0JE40): All versions prior to V2.0.1
  • Siemens SIMATIC RF188CI (6GT2002-0JE60): All versions prior to V2.0.1
  • Siemens SIMATIC RF360R (6GT2801-5BA30): All versions prior to V2.0.1
  • Siemens SIMATIC RF610R (6GT2811-6BC10): All versions prior to V4.0.1
  • Siemens SIMATIC RF615R (6GT2811-6CC10): All versions prior to V4.0.1
  • Siemens SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2): All versions prior to V7.2
  • Siemens SIMATIC RF650R (6GT2811-6AB20): All versions prior to V4.0.1
  • Siemens SIMATIC RF680R (6GT2811-6AA10): All versions prior to V4.0.1
  • Siemens SIMATIC RF685R (6GT2811-6CA10): All versions prior to V4.0.1
  • Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0): All versions prior to V4.6.0
  • Siemens SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2): All versions prior to V7.2
  • Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0): All versions prior to V4.6.0
  • Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2): All versions prior to V2.3.1
  • Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0): All versions prior to V4.6.0
  • Siemens SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0): All versions prior to V2.9.7
  • Siemens OpenPCS 7 V9.0: All versions
  • Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2): All versions prior to V2.3.1
  • Siemens SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0): All versions prior to V2.9.7
  • Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2): All versions prior to V2.3.1
  • Siemens SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0): All versions prior to V2.9.7
  • Siemens SCALANCE SC642-2C (6GK5642-2GS00-2AC2): All versions prior to V2.3.1
  • Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0): All versions
  • Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0): All versions prior to V3.0.1
  • Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2): All versions prior to V2.3.1
  • Siemens SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0): All versions prior to V3.0.1
  • Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0): All versions prior to V3.0.1
  • Siemens SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0): All versions
  • Siemens SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0): All versions prior to V2.9.7
  • Siemens SIMATIC S7-1500 Software Controller V2: All versions prior to V21.9.7
  • Siemens SIMATIC S7-PLCSIM Advanced: All versions prior to V5.0
  • Siemens SIMATIC STEP 7 V15.1: All versions
  • Siemens SIMATIC STEP 7 V16: All versions
  • Siemens SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0): All versions
  • Siemens SIMATIC STEP 7 V17: All versions prior to V17 Update 5
  • Siemens SIMATIC STEP 7 V5: All versions prior to V5.7 HF4
  • Siemens SIMATIC WinCC Unified (TIA Portal): All versions prior to V17 Update 5
  • Siemens SIMATIC WinCC V15.1: All versions
  • Siemens SIMATIC WinCC V16: All versions
  • Siemens SIMATIC WinCC V17: All versions prior to V17 Update 5
  • Siemens SIMATIC WinCC V7.3: All versions
  • Siemens SIMATIC WinCC V7.4: All versions prior to V7.4 SP1 Update 22
  • Siemens SIMATIC WinCC V7.5: All versions prior to V7.5 SP2 Update 16
  • Siemens SIMOCODE ES V15.1: All versions
  • Siemens SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): All versions prior to V8.7.1.11
  • Siemens SIMOCODE ES V16: All versions
  • Siemens SIMOCODE ES V17: All versions prior to V17 Update 5
  • Siemens SIMOTION: Versions >= 5.1 and < 5.5.1
  • Siemens SIMOTION SCOUT TIA V5.3: All versions
  • Siemens SIMOTION SCOUT TIA V5.4: All versions
  • Siemens SINAMICS DCC V15.1: All versions
  • Siemens SINAMICS DCC V16: All versions
  • Siemens SINAMICS Startdrive V15.1: All versions
  • Siemens SINAMICS Startdrive V16: All versions
  • Siemens SINAMICS Startdrive V17: All versions
  • Siemens SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0): All versions prior to V8.7.1.11
  • Siemens SINAUT Software ST7sc: All versions
  • Siemens SINAUT ST7CC: All versions
  • Siemens SINEC INS: All versions prior to V1.0 SP2
  • Siemens SINEC NMS: All versions prior to V1.0 SP3
  • Siemens SINEMA Remote Connect Server: All versions prior to V3.1
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions prior to V2.2.28
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions prior to V2.2.28
  • Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0): All versions prior to V2.9.7
  • Siemens SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): All versions prior to V8.7.1.11
  • Siemens SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0): All versions
  • Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0): All versions prior to V2.9.7
  • Siemens SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0): All versions
  • Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0): All versions prior to V3.4.29
  • Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): All versions prior to V3.0.37
  • Siemens SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0): All versions
  • Siemens SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0): All versions prior to V3.3.11
  • Siemens SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3): All versions prior to V5.5.2
  • Siemens SIPLUS NET SCALANCE XC206-2 (6AG1206-2BB00-7AC2): All versions prior to V4.4
  • Siemens SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2): All versions prior to V4.4
  • Siemens SIPLUS NET SCALANCE XC208 (6AG1208-0BA00-7AC2): All versions prior to V4.4
  • Siemens OpenPCS 7 V9.1: All versions
  • Siemens SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0): All versions
  • Siemens SIPLUS NET SCALANCE XC216-4C (6AG1216-4BS00-7AC2): All versions prior to V4.4
  • Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): All versions prior to V3.4.29
  • Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): All versions prior to V3.4.29
  • Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212C AC/DC/RLY (6AG1212-1BE40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0): All versions prior to V4.6.0
  • Siemens SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0): All versions
  • Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY (6AG1214-1BG40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY (6AG1214-1BG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY (6AG1214-1HG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY (6AG1214-1HG40-5XB0): All versions prior to V4.6.0
  • Siemens SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0): All versions
  • Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215C AC/DC/RLY (6AG1215-1BG40-2XB0): All versions prior to V4.6.0
  • Siemens SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0): All versions
  • Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): All versions prior to V4.6.0
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0): All versions prior to V2.9.7
  • Siemens SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0): All versions
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0): All versions
  • Siemens SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0): All versions
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0): All versions
  • Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0): All versions prior to V2.9.7
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0): All versions
  • Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0): All versions prior to V2.9.7
  • Siemens SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0): All versions prior to V3.0.1
  • Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0): All versions prior to V3.0.1
  • Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0): All versions prior to V3.0.1
  • Siemens SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0): All versions prior to V3.0.1
  • Siemens SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0): All versions prior to V3.0.1
  • Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0): All versions prior to V2.4.8
  • Siemens SIRIUS Safety ES V17 (TIA Portal): All versions prior to V17 Update 5
  • Siemens SIRIUS Soft Starter ES V15.1 (TIA Portal): All versions
  • Siemens SIRIUS Soft Starter ES V16 (TIA Portal): All versions
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0): All versions
  • Siemens SIRIUS Soft Starter ES V17 (TIA Portal): All versions prior to V17 Update 5
  • Siemens TeleControl Server Basic V3: All versions prior to V3.1.1
  • Siemens TIA Administrator: All versions prior to V1.0.8
  • Siemens TIA Portal Cloud V16: All versions
  • Siemens TIA Portal Cloud V17: All versions prior to V2.3
  • Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0): All versions prior to V2.4.8
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6): All versions
  • Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC): All versions only when running on ROX II prior to V2.15.1
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0): All versions
  • Siemens SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6): All versions
  • Siemens SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0): All versions
  • Siemens SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0): All versions
  • Siemens SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0): All versions
  • Siemens SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0): All versions
  • Siemens SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0): All versions
  • Siemens SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0): All versions
  • Siemens SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0): All versions
  • Siemens SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0): All versions
  • Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prior to V7.2
  • Siemens SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0): All versions
  • Siemens SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0): All versions
  • Siemens SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6): All versions
  • Siemens SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0): All versions
  • Siemens SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0): All versions
  • Siemens SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0): All versions
  • Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions prior to V7.2
  • Siemens SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0): All versions
  • Siemens SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0): All versions
  • Siemens SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0): All versions
  • Siemens SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0): All versions
  • Siemens SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0): All versions
  • Siemens SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0): All versions
  • Siemens SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0): All versions
  • Siemens RUGGEDCOM ROX MX5000: All versions prior to V2.15.1
  • Siemens SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0): All versions
  • Siemens SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0): All versions
  • Siemens SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0): All versions
  • Siemens SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0): All versions
  • Siemens SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0): All versions
  • Siemens SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0): All versions
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0): All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 LOOP WITH UNREACHABLE EXIT CONDITION (‘INFINITE LOOP’) CWE-835

The BN_mod_sqrt() function in OpenSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally, this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack. The infinite loop can also be reached when parsing crafted private keys, as they can contain explicit elliptic curve parameters.

CVE-2022-0778 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
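Because the loop described above is reached through explicit curve parameters, a gateway or triage script can classify the EC parameter form of a DER blob before any affected parser sees it. The following is an added example, not code from Siemens, CISA or OpenSSL; the function names, the named-curve-only policy (taken from RFC 5480) and the sample byte strings are assumptions constructed for illustration, and SEC1 private keys and PEM armor are out of its scope.

```python
# Added example: pre-parse triage for EC keys that carry explicit curve parameters.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7
# Tag of the AlgorithmIdentifier parameters field -> ECParameters choice.
PARAM_FORMS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}


def read_tlv(buf, pos, end):
    """Decode one DER element in buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length


def children(buf, start, end):
    """List the elements that exactly fill buf[start:end]."""
    kids, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        kids.append((tag, vs, ve))
        pos = ve
    return kids


def ec_parameter_forms(der, max_depth=16):
    """Return the parameter form of every id-ecPublicKey AlgorithmIdentifier found."""
    found = []

    def walk(start, end, depth):
        if depth > max_depth:
            raise ValueError("nesting too deep")
        kids = children(der, start, end)
        if kids and kids[0][0] == 0x06 and der[kids[0][1]:kids[0][2]] == ID_EC_PUBLIC_KEY:
            tag = kids[1][0] if len(kids) > 1 else None
            found.append(PARAM_FORMS.get(tag, "other"))
            return
        for tag, vs, ve in kids:
            if tag & 0x20:          # recurse into constructed elements only
                walk(vs, ve, depth + 1)

    tag, vs, ve = read_tlv(der, 0, len(der))
    if not tag & 0x20 or ve != len(der):
        raise ValueError("expected a single constructed top-level element")
    walk(vs, ve, 0)
    return found


def accept_for_parsing(der):
    """Assumed policy (RFC 5480): only named curves pass; malformed DER is rejected."""
    try:
        return all(form == "named" for form in ec_parameter_forms(der))
    except ValueError:
        return False


def tlv(tag, body):
    """Encode one DER element; used only to build the constructed samples below."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body


# Constructed samples: dummy all-zero point, placeholder explicit parameters
# (a SEQUENCE holding only INTEGER 1). Neither is a usable key or curve.
_POINT = tlv(0x03, b"\x00\x04" + bytes(64))
NAMED_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + tlv(0x06, PRIME256V1)) + _POINT)
_EXPLICIT_ALG = tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + tlv(0x30, tlv(0x02, b"\x01")))
# Same key info nested two levels down, as it sits inside a certificate body.
EXPLICIT_NESTED = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x30, _EXPLICIT_ALG + _POINT)))

if __name__ == "__main__":
    for name, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_NESTED)):
        print(name, ec_parameter_forms(blob), accept_for_parsing(blob))
```

A rejected blob should be quarantined rather than handed to an unpatched parser; the check complements, and does not replace, the updates listed under Mitigations.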

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • TIA Administrator: Disable web server within the device configuration if it is not used or limit access to the web server on a particular Ethernet/PROFINET port/interface if possible (setting is under General / Web server access).
  • SIMATIC PCS 7 V9.1: For the unfixed component in this version (OpenPCS 7): Restrict access to the OPC UA interface of OpenPCS 7 to trusted systems
  • OpenPCS 7 V8.2, OpenPCS 7 V9.0, OpenPCS 7 V9.1: Restrict access to the OPC UA interface to trusted systems
  • OpenPCS 7 V8.2, OpenPCS 7 V9.0, OpenPCS 7 V9.1, SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 
(6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE X204-2 (6GK5204-2BB10-2AA3), SCALANCE X204-2FM (6GK5204-2BB11-2AA3), SCALANCE X204-2LD (6GK5204-2BC10-2AA3), SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2), SCALANCE X204-2TS (6GK5204-2BB10-2CA2), SCALANCE X206-1 (6GK5206-1BB10-2AA3), SCALANCE X206-1LD (6GK5206-1BC10-2AA3), SCALANCE X208 (6GK5208-0BA10-2AA3), SCALANCE X208PRO (6GK5208-0HA10-2AA6), SCALANCE X212-2 (6GK5212-2BB00-2AA3), SCALANCE X212-2LD (6GK5212-2BC00-2AA3), SCALANCE X216 (6GK5216-0BA00-2AA3), SCALANCE X224 (6GK5224-0BA00-2AA3), SCALANCE XF204 (6GK5204-0BA00-2AF2), SCALANCE XF204-2 (6GK5204-2BC00-2AF2), SCALANCE XF206-1 (6GK5206-1BC00-2AF2), SCALANCE XF208 (6GK5208-0BA00-2AF2), Security Configuration Tool (SCT), SIMATIC CP 1626 (6GK1162-6AA01), SIMATIC CP 1628 (6GK1162-8AA00), SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0), SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0), SIMATIC NET PC Software V14, SIMATIC NET PC Software V15, SIMATIC PCS 7 V8.2, SIMATIC PCS 7 V9.0, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP 
(6ES7516-3AN00-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0), SIMATIC STEP 7 V15.1, SIMATIC STEP 7 V16, SIMATIC WinCC V15.1, SIMATIC WinCC V16, SIMATIC WinCC V7.3, SIMOCODE ES V15.1, SIMOCODE ES V16, SIMOTION SCOUT TIA V5.3, SINAMICS DCC V15.1, SINAMICS DCC V16, SINAMICS Startdrive V15.1, SINAMICS Startdrive V16, SINAUT Software ST7sc, SINAUT ST7CC, SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0), SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0), SIRIUS Soft Starter ES V15.1 (TIA Portal), SIRIUS Soft Starter ES V16 (TIA Portal), TIA Portal Cloud V16: Currently no fix is planned
  • SINEC INS: Update to V1.0 SP2 or later version
  • SINEC NMS: Update to V1.0 SP3 or later version
  • TIA Administrator: Update to V1.0.8 or later version
  • SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): Update to V1.1.80 or later version
  • SIMATIC Logon V1.6: Update to V1.6 Upd6 or later version
  • SIMATIC NET PC Software V17: Update to V17 SP1 Update 1 or later version
  • SIMATIC STEP 7 V17, SIMATIC WinCC V17, SIMOCODE ES V17, SIRIUS Safety ES V17 (TIA Portal), SIRIUS Soft Starter ES V17 (TIA Portal): Update to V17 Update 5 or later version
  • RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000: Update to V2.15.1 or later version
  • SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): Update to V2.2.28 or later version
  • SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0), TIM 1531 IRC (6GK7543-1MX00-0XE0): Update to V2.4.8 or later version
  • SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): Update to V2.9.7 or later version
  • SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN 
(6ES7516-2PN00-0AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0), SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL 
(6AG2515-2RM00-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0): Update to V2.9.7 or later version
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Update to V21.9.7 or later version
  • SIMATIC S7-1500 Software Controller V2: Update to V21.9.7 or later version
  • SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0), SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0): Update to V3.0.1 or later version
  • SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): Update to V3.0.37 or later version
  • SINEMA Remote Connect Server: Update to V3.1 or later version
  • TeleControl Server Basic V3: Update to V3.1.1 or later version
  • SIMATIC MV540 H (6GF3540-0GE10): Update to V3.3 or later version
  • SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0): Update to V3.3.11 or later version
  • SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Update to V3.4.29 or later version
  • SIMATIC PCS neo (Administration Console): Update to V4.0 or later version
  • SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3), SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3), SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3), SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3), SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3), SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3), SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3), SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3), SCALANCE X304-2FE (6GK5304-2BD00-2AA3), SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3), SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3), SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3), SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3), SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3), SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3), SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3), SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3), SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3), SCALANCE X307-3 (6GK5307-3BL00-2AA3), SCALANCE X307-3 (6GK5307-3BL10-2AA3), SCALANCE X307-3LD (6GK5307-3BM00-2AA3), SCALANCE X307-3LD (6GK5307-3BM10-2AA3), SCALANCE X308-2 (6GK5308-2FL00-2AA3), SCALANCE X308-2 RD (inkl. 
SIPLUS variants), SCALANCE X308-2LD (6GK5308-2FM00-2AA3), SCALANCE X308-2LD (6GK5308-2FM10-2AA3), SCALANCE X308-2LH (6GK5308-2FN00-2AA3), SCALANCE X308-2LH (6GK5308-2FN10-2AA3), SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3), SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3), SCALANCE X308-2M (6GK5308-2GG00-2AA2), SCALANCE X308-2M (6GK5308-2GG10-2AA2), SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2), SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2), SCALANCE X308-2M TS (6GK5308-2GG00-2CA2), SCALANCE X308-2M TS (6GK5308-2GG10-2CA2), SCALANCE X310 (6GK5310-0FA00-2AA3), SCALANCE X310 (6GK5310-0FA10-2AA3), SCALANCE X310FE (6GK5310-0BA00-2AA3), SCALANCE X310FE (6GK5310-0BA10-2AA3), SCALANCE X320-1 FE (6GK5320-1BD00-2AA3), SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3), SCALANCE X408-2 (6GK5408-2FD00-2AA2), SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2), SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2), SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2), SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2), SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2), SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2), SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2), SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2), SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2), SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2), SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2), SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2), SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2), SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2), SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2), SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2), SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2), SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2), SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2), SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2), SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2), SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2), SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2), SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2), SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2), SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2), SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2), SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2): Update to V4.1.7 or later version
  • SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2), SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2), SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BD00-2TB2), SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00-2AB2), SCALANCE XB205-3LD (SC, E/IP) (6GK5205-3BF00-2TB2), SCALANCE XB205-3LD (SC, PN) (6GK5205-3BF00-2AB2), SCALANCE XB208 (E/IP) (6GK5208-0BA00-2TB2), SCALANCE XB208 (PN) (6GK5208-0BA00-2AB2), SCALANCE XB213-3 (SC, E/IP) (6GK5213-3BD00-2TB2), SCALANCE XB213-3 (SC, PN) (6GK5213-3BD00-2AB2), SCALANCE XB213-3 (ST, E/IP) (6GK5213-3BB00-2TB2), SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00-2AB2), SCALANCE XB213-3LD (SC, E/IP) (6GK5213-3BF00-2TB2), SCALANCE XB213-3LD (SC, PN) (6GK5213-3BF00-2AB2), SCALANCE XB216 (E/IP) (6GK5216-0BA00-2TB2), SCALANCE XB216 (PN) (6GK5216-0BA00-2AB2), SCALANCE XC206-2 (SC) (6GK5206-2BD00-2AC2), SCALANCE XC206-2 (ST/BFOC) (6GK5206-2BB00-2AC2), SCALANCE XC206-2G PoE (6GK5206-2RS00-2AC2), SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2), SCALANCE XC206-2G PoE EEC (54 V DC) (6GK5206-2RS00-5FC2), SCALANCE XC206-2SFP (6GK5206-2BS00-2AC2), SCALANCE XC206-2SFP EEC (6GK5206-2BS00-2FC2), SCALANCE XC206-2SFP G (6GK5206-2GS00-2AC2), SCALANCE XC206-2SFP G (EIP DEF.) (6GK5206-2GS00-2TC2), SCALANCE XC206-2SFP G EEC (6GK5206-2GS00-2FC2), SCALANCE XC208 (6GK5208-0BA00-2AC2), SCALANCE XC208EEC (6GK5208-0BA00-2FC2), SCALANCE XC208G (6GK5208-0GA00-2AC2), SCALANCE XC208G (EIP def.) (6GK5208-0GA00-2TC2), SCALANCE XC208G EEC (6GK5208-0GA00-2FC2), SCALANCE XC208G PoE (6GK5208-0RA00-2AC2), SCALANCE XC208G PoE (54 V DC) (6GK5208-0RA00-5AC2), SCALANCE XC216 (6GK5216-0BA00-2AC2), SCALANCE XC216-3G PoE (6GK5216-3RS00-2AC2), SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2), SCALANCE XC216-4C (6GK5216-4BS00-2AC2), SCALANCE XC216-4C G (6GK5216-4GS00-2AC2), SCALANCE XC216-4C G (EIP Def.) 
(6GK5216-4GS00-2TC2), SCALANCE XC216-4C G EEC (6GK5216-4GS00-2FC2), SCALANCE XC216EEC (6GK5216-0BA00-2FC2), SCALANCE XC224 (6GK5224-0BA00-2AC2), SCALANCE XC224-4C G (6GK5224-4GS00-2AC2), SCALANCE XC224-4C G (EIP Def.) (6GK5224-4GS00-2TC2), SCALANCE XC224-4C G EEC (6GK5224-4GS00-2FC2), SCALANCE XF204 (6GK5204-0BA00-2GF2), SCALANCE XF204 DNA (6GK5204-0BA00-2YF2), SCALANCE XF204-2BA (6GK5204-2AA00-2GF2), SCALANCE XF204-2BA DNA (6GK5204-2AA00-2YF2), SCALANCE XP208 (6GK5208-0HA00-2AS6), SCALANCE XP208 (Ethernet/IP) (6GK5208-0HA00-2TS6), SCALANCE XP208EEC (6GK5208-0HA00-2ES6), SCALANCE XP208PoE EEC (6GK5208-0UA00-5ES6), SCALANCE XP216 (6GK5216-0HA00-2AS6), SCALANCE XP216 (Ethernet/IP) (6GK5216-0HA00-2TS6), SCALANCE XP216EEC (6GK5216-0HA00-2ES6), SCALANCE XP216POE EEC (6GK5216-0UA00-5ES6), SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3), SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3), SCALANCE XR326-2C PoE WG (6GK5326-2QS00-3AR3), SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (6GK5328-4FS00-2RR3), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3AR3), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3RR3), SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3), SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3), SIPLUS NET SCALANCE XC206-2 (6AG1206-2BB00-7AC2), SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2), SIPLUS NET SCALANCE XC208 (6AG1208-0BA00-7AC2), SIPLUS NET SCALANCE XC216-4C (6AG1216-4BS00-7AC2): Update to V4.4 or later version
  • SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214C AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214C AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214C DC/DC/RLY 
(6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214C DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): Update to V4.6.0 or later version
  • SIMATIC S7-PLCSIM Advanced: Update to V5.0 or later version
  • SIMOTION: Update to V5.5.1 or later version
  • SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3), SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3), SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6), SCALANCE X202-2IRT (6GK5202-2BB00-2BA3), SCALANCE X202-2IRT (6GK5202-2BB10-2BA3), SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3), SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6), SCALANCE X204IRT (6GK5204-0BA00-2BA3), SCALANCE X204IRT (6GK5204-0BA10-2BA3), SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6), SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2), SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2), SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2), SCALANCE XF204IRT (6GK5204-0BA00-2BF2), SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3): Update to V5.5.2 or later version
  • SIMATIC STEP 7 V5: Update to V5.7 HF4 or later version
  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2): Update to V7.2 or later version
  • SIMATIC WinCC V7.4: Update to V7.4 SP1 Update 22 or later version
  • SIMATIC WinCC V7.5: Update to V7.5 SP2 Update 16 or later version
  • SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0), SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0), SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): Update to V8.7.1.11 or later version
  • SIMATIC PCS 7 TeleControl: Update to V9.1 Update 1 or later version
  • SIMATIC PCS 7 V9.1: Update to V9.1 SP2 UC04 or later version
  • SIMATIC PDM: Update to V9.2 SP2 or later version
  • Industrial Edge – OPC UA Connector, Industrial Edge – SIMATIC S7 Connector App: Use the Edge Management System to update to V1.7 or later version
  • RUGGEDCOM CROSSBOW Station Access Controller (SAC): Update ROX II to V2.15.1 or later version
  • SCALANCE LPE9403 (6GK5998-3GS00-2AC2): Update to V2.0 or later version
  • SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2): Update to V2.3.1 or later version
  • SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0): Update to V2.0 or later version
  • SCALANCE XM408-4C (6GK5408-4GP00-2AM2), SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2), SCALANCE XM408-8C (6GK5408-8GS00-2AM2), SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2), SCALANCE XM416-4C (6GK5416-4GS00-2AM2), SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2), SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2), SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2), SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2), SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2), SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2), SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2), SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2), SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2), SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2), SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2), SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2), SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2), SCALANCE XR528-6M (6GK5528-0AA00-2AR2), SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2), SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2), SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2), SCALANCE XR552-12M (6GK5552-0AA00-2AR2), SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2), SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2), SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2): Update to V6.5 or later version
  • SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00), SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): Update to V1.9 or later version
  • SIMATIC HMI Unified Comfort Panels family: Update to V18 or later version
  • SIMATIC MV540 S (6GF3540-0CD10), SIMATIC MV550 H (6GF3550-0GE10), SIMATIC MV550 S (6GF3550-0CD10), SIMATIC MV560 U (6GF3560-0LE10), SIMATIC MV560 X (6GF3560-0HE10): Update to V3.3 or later version
  • SIMATIC NET PC Software V16: Update to V16 Update 6 or later version
  • SIMATIC Process Historian OPC UA Server: Update to V2020 SP1 Update 1 or later version. In the context of SIMATIC PCS neo, update to SIMATIC PCS neo V4.0 or later version (https://support.industry.siemens.com/cs/ww/de/view/109814551/); in the context of SIMATIC PCS 7, update to SIMATIC PCS 7 V9.1 SP2 or later version (https://support.industry.siemens.com/cs/ww/en/view/109812240/); in the context of SIMATIC WinCC, contact local support
  • SIMATIC RF166C (6GT2002-0EE20), SIMATIC RF185C (6GT2002-0JE10), SIMATIC RF186C (6GT2002-0JE20), SIMATIC RF186CI (6GT2002-0JE50), SIMATIC RF188C (6GT2002-0JE40), SIMATIC RF188CI (6GT2002-0JE60): Update to V2.0.1 or later version
  • SIMATIC RF360R (6GT2801-5BA30): Update to V2.0.1 or later version
  • SIMATIC RF610R (6GT2811-6BC10), SIMATIC RF615R (6GT2811-6CC10), SIMATIC RF650R (6GT2811-6AB20), SIMATIC RF680R (6GT2811-6AA10), SIMATIC RF685R (6GT2811-6CA10): Update to V4.0.1 or later version
  • SIMATIC WinCC Unified (TIA Portal): Update to V17 Update 5 or later version
  • SIMOTION SCOUT TIA V5.4, SINAMICS Startdrive V17: Update SIMATIC STEP 7 V17 to V17 Update 5 or later version
  • TIA Portal Cloud V17: TIA Portal Cloud V2.3 or later version updated TIA Portal to V17 Update 5 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-712929 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 16, 2025: Initial Republication of Siemens SSA-712929

Siemens SIMATIC NET CP, SINEMA, and SCALANCE

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC NET CP, SINEMA and SCALANCE
  • Vulnerabilities: Integer Overflow or Wraparound

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service (DoS) condition in the affected devices by exploiting integer overflow bugs.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): < V7.1
  • Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): < V7.1
  • Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): < V7.1
  • Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): < V7.1
  • Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): < V7.1
  • Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): < V7.1
  • Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1): < V7.1
  • Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1): < V7.1
  • Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1): < V7.1
  • Siemens SCALANCE S615 (6GK5615-0AA00-2AA2): < V7.1
  • Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2): < V2.3 (CVE-2021-41991)
  • Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): < V7.1
  • Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2): < V2.3 (CVE-2021-41991)
  • Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2): < V2.3 (CVE-2021-41991)
  • Siemens SCALANCE SC642-2C (6GK5642-2GS00-2AC2): < V2.3 (CVE-2021-41991)
  • Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2): < V2.3 (CVE-2021-41991)
  • Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2): < V7.1
  • Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): < V1.1 (CVE-2021-41991)
  • Siemens SINEMA Remote Connect Server: < V3.1 (CVE-2021-41991)
  • Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): < V2.2.28 (CVE-2021-41991)
  • Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): < V3.0.22 (CVE-2021-41991)
  • Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): < V7.1
  • Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): < V3.3.46 (CVE-2021-41991)
  • Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): < V3.3.46 (CVE-2021-41991)
  • Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): < V7.1
  • Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): < V7.1
  • Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): < V7.1
  • Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): < V7.1
  • Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2): < V7.1

3.2 VULNERABILITY OVERVIEW

3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190

The gmp plugin in strongSwan before version 5.9.4 has a remote integer overflow vulnerability via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

CVE-2021-41990 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2 INTEGER OVERFLOW OR WRAPAROUND CWE-190

The in-memory certificate cache in strongSwan before version 5.9.4 has a remote integer overflow vulnerability upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. This could lead to a denial of service (DoS) condition. Remote code execution can’t be excluded completely, but it would require attackers to have control over the dereferenced memory, so it is very unlikely.

CVE-2021-41991 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
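
The failure mode described in 3.2.2, as an added illustration in C that is not strongSwan's or Siemens' code: it assumes a replacement routine that adds a probe counter to a raw random value before reducing it to a slot index, so values near the top of the signed range wrap and produce a negative index. `CACHE_SIZE`, `REPLACE_TRIES` and all function names are hypothetical, and the wraparound is modelled with unsigned arithmetic because signed overflow is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>

#define CACHE_SIZE    32   /* hypothetical number of cache slots */
#define REPLACE_TRIES 5    /* hypothetical number of slots probed per insert */

/* Add two 32-bit signed values the way two's-complement hardware does.
 * Done in unsigned arithmetic so the demonstration itself stays well defined. */
static int32_t wrapping_add(int32_t a, int32_t b)
{
    uint32_t sum = (uint32_t)a + (uint32_t)b;
    if (sum <= (uint32_t)INT32_MAX)
        return (int32_t)sum;
    return (int32_t)(sum - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* Flawed pattern (assumed): add the probe counter to the raw RNG value,
 * then take a signed modulo. A wrapped sum is negative, and in C the
 * remainder of a negative dividend is negative too. */
static int slot_flawed(int32_t rnd, int attempt)
{
    return wrapping_add(rnd, attempt) % CACHE_SIZE;
}

/* Hardened pattern: reduce the random value to the slot range first and
 * keep every intermediate unsigned, so the result is always 0..CACHE_SIZE-1. */
static int slot_hardened(int32_t rnd, int attempt)
{
    uint32_t base = (uint32_t)rnd % CACHE_SIZE;
    return (int)((base + (uint32_t)attempt) % CACHE_SIZE);
}

typedef int (*slot_fn)(int32_t rnd, int attempt);

/* Count the probes of one replacement pass that fall outside the slot array. */
static int out_of_range_probes(slot_fn pick, int32_t rnd)
{
    int bad = 0;
    for (int attempt = 0; attempt < REPLACE_TRIES; attempt++) {
        int i = pick(rnd, attempt);
        if (i < 0 || i >= CACHE_SIZE)
            bad++;
    }
    return bad;
}

/* Boundary test: how many of the highest RNG outputs make the flawed
 * selector leave the array at least once. Only values at the very top of
 * the range do, which is why random testing rarely catches this class. */
static int boundary_values_hit(slot_fn pick)
{
    int hit = 0;
    for (int k = 0; k <= REPLACE_TRIES; k++) {
        if (out_of_range_probes(pick, INT32_MAX - k) > 0)
            hit++;
    }
    return hit;
}

int main(void)
{
    for (int attempt = 0; attempt < REPLACE_TRIES; attempt++) {
        printf("attempt %d: flawed=%d hardened=%d\n", attempt,
               slot_flawed(INT32_MAX, attempt),
               slot_hardened(INT32_MAX, attempt));
    }
    printf("boundary values hit: flawed=%d hardened=%d\n",
           boundary_values_hit(slot_flawed),
           boundary_values_hit(slot_hardened));
    return 0;
}
```

Reducing the random value before any addition removes the overflow entirely; a bounds check on the computed index before it is used to access the array is a second, independent safeguard.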

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 (6GK5615-0AA00-2AA2): Update to V7.1 or later version
  • (CVE-2021-41991) SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Only deploy certificates via TIA Portal that were created with TIA Portal
  • (CVE-2021-41991) SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): Update to V2.2.28 or later version
  • (CVE-2021-41991) SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Update to V3.3.46 or later version
  • (CVE-2021-41991) SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): Update to V1.1 or later version
  • (CVE-2021-41991) SINEMA Remote Connect Server: Update to V3.1 or later version
  • (CVE-2021-41991) SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2): Update to V2.3 or later version
  • (CVE-2021-41991) SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): Update to V3.0.22 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-539476 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 16, 2025: Initial Republication of Siemens ProductCERT SSA-539476

Siemens OpenSSL Vulnerability in Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.4
  • ATTENTION: Exploitable remotely
  • Vendor: Siemens
  • Equipment: INDUSTRIAL EDGE, RUGGEDCOM, SCALANCE, SIMATIC, SINEC, SINEMA, SINUMERIK, SIPLUS, TIA
  • Vulnerability: Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Industrial Edge – Machine Insight App: All versions
  • Siemens RUGGEDCOM ROX RX1510: All versions prior to V2.15.0
  • Siemens SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X204-2 (6GK5204-2BB10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2FM (6GK5204-2BB11-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2LD (6GK5204-2BC10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2): All versions prior to V5.2.6
  • Siemens SCALANCE X204-2TS (6GK5204-2BB10-2CA2): All versions prior to V5.2.6
  • Siemens SCALANCE X204IRT (6GK5204-0BA00-2BA3): All versions prior to V5.5.2
  • Siemens RUGGEDCOM ROX RX1511: All versions prior to V2.15.0
  • Siemens SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6): All versions prior to V5.5.2
  • Siemens SCALANCE X206-1 (6GK5206-1BB10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X206-1LD (6GK5206-1BC10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X208 (6GK5208-0BA10-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X208PRO (6GK5208-0HA10-2AA6): All versions prior to V5.2.6
  • Siemens SCALANCE X212-2 (6GK5212-2BB00-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X212-2LD (6GK5212-2BC00-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X216 (6GK5216-0BA00-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X224 (6GK5224-0BA00-2AA3): All versions prior to V5.2.6
  • Siemens SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3): All versions prior to V4.1.4
  • Siemens RUGGEDCOM ROX RX1512: All versions prior to V2.15.0
  • Siemens SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X304-2FE (6GK5304-2BD00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3): All versions prior to V4.1.4
  • Siemens RUGGEDCOM ROX RX1524: All versions prior to V2.15.0
  • Siemens SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-3 (6GK5307-3BL00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-3 (6GK5307-3BL10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X307-3LD (6GK5307-3BM10-2AA3): All versions prior to V4.1.4
  • Siemens RUGGEDCOM ROX RX1536: All versions prior to V2.15.0
  • Siemens SCALANCE X307-3LD (6GK5307-3BM00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2 (6GK5308-2FL00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2 (6GK5308-2FL10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LD (6GK5308-2FM00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LD (6GK5308-2FM10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LH (6GK5308-2FN00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LH (6GK5308-2FN10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2M (6GK5308-2GG00-2AA2): All versions prior to V4.1.4
  • Siemens RUGGEDCOM ROX RX5000: All versions prior to V2.15.0
  • Siemens SCALANCE X308-2M (6GK5308-2GG10-2AA2): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2M TS (6GK5308-2GG00-2CA2): All versions prior to V4.1.4
  • Siemens SCALANCE X308-2M TS (6GK5308-2GG10-2CA2): All versions prior to V4.1.4
  • Siemens SCALANCE X310 (6GK5310-0FA00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X310 (6GK5310-0FA10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X310FE (6GK5310-0BA00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X310FE (6GK5310-0BA10-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X320-1 FE (6GK5320-1BD00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3): All versions prior to V4.1.4
  • Siemens SCALANCE X408-2 (6GK5408-2FD00-2AA2): All versions prior to V4.1.4
  • Siemens SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF204 (6GK5204-0BA00-2AF2): All versions prior to V5.2.6
  • Siemens SCALANCE XF204-2 (6GK5204-2BC00-2AF2): All versions prior to V5.2.6
  • Siemens SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2): All versions prior to V5.5.2
  • Siemens SCALANCE XF204IRT (6GK5204-0BA00-2BF2): All versions prior to V5.5.2
  • Siemens SCALANCE XF206-1 (6GK5206-1BC00-2AF2): All versions prior to V5.2.6
  • Siemens SCALANCE XF208 (6GK5208-0BA00-2AF2): All versions prior to V5.2.6
  • Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2): All versions prior to V4.1.4
  • Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2): All versions prior to V4.1.4
  • Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2): All versions prior to V4.1.4
  • Siemens SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2): All versions prior to V4.1.4
  • Siemens Industrial Edge – PROFINET IO Connector: All versions prior to V1.1.1
  • Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2): All versions prior to V4.1.4
  • Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions prior to V3.3.46
  • Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions prior to V3.3.46
  • Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0): All versions prior to V3.3.46
  • Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0): All versions prior to V3.3.46
  • Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0): All versions prior to V3.3.46
  • Siemens SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): All versions prior to V2.2.28
  • Siemens SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): All versions prior to V3.0.22
  • Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): All versions prior to V2.2.28
  • Siemens SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): All versions prior to V1.1
  • Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to V7.1
  • Siemens SIMATIC PCS neo (Administration Console): All versions < V3.1 SP 1
  • Siemens SIMATIC Process Historian OPC UA Server: All versions prior to V2020 SP1
  • Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions prior to V4.5.2
  • Siemens SINEC NMS: All versions prior to V1.0.3
  • Siemens SINEMA Remote Connect Server: All versions prior to V3.1
  • Siemens SINEMA Server V14: All versions
  • Siemens SINUMERIK Operate: All versions prior to V4.95 SP1
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions prior to V2.2.28
  • Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions prior to V2.2.28
  • Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0): All versions prior to V3.3.46
  • Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to V7.1
  • Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): All versions prior to V3.0.22
  • Siemens SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3): All versions prior to V4.1.4
  • Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): All versions prior to V3.3.46
  • Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): All versions prior to V3.3.46
  • Siemens TIA Administrator: All versions < V1.0 SP7
  • Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): All versions prior to V7.1
  • Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to V7.1
  • Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions prior to V7.1
  • Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): All versions prior to V7.1
  • Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1): All versions prior to V7.1
  • Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1): All versions prior to V7.1
  • Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prior to V7.1
  • Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1): All versions prior to V7.1
  • Siemens SCALANCE S615 (6GK5615-0AA00-2AA2): All versions prior to V7.1
  • Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2): All versions prior to V2.3
  • Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2): All versions prior to V2.3
  • Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2): All versions prior to V2.3
  • Siemens SCALANCE SC642-2C (6GK5642-2GS00-2AC2): All versions prior to V2.3
  • Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2): All versions prior to V2.3
  • Siemens SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0): All versions prior to V3.0.0
  • Siemens SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0): All versions prior to V3.0.0
  • Siemens SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0): All versions prior to V3.0.0
  • Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions prior to V7.1
  • Siemens SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0): All versions prior to V3.0.0
  • Siemens SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0): All versions prior to V3.0.0
  • Siemens SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0): All versions prior to V3.0.0
  • Siemens SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0): All versions
  • Siemens SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0): All versions
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0): All versions
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0): All versions
  • Siemens SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0): All versions
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0): All versions
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0): All versions
  • Siemens RUGGEDCOM ROX MX5000: All versions prior to V2.15.0
  • Siemens SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6): All versions
  • Siemens SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6): All versions
  • Siemens SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0): All versions
  • Siemens SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0): All versions
  • Siemens SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0): All versions
  • Siemens SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0): All versions
  • Siemens SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0): All versions
  • Siemens SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0): All versions
  • Siemens SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0): All versions
  • Siemens SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0): All versions
  • Siemens RUGGEDCOM ROX MX5000RE: All versions prior to V2.15.0
  • Siemens SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0): All versions
  • Siemens SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0): All versions
  • Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6): All versions
  • Siemens SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6): All versions
  • Siemens SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0): All versions
  • Siemens SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0): All versions
  • Siemens SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0): All versions
  • Siemens RUGGEDCOM ROX RX1400: All versions prior to V2.15.0
  • Siemens SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0): All versions
  • Siemens SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0): All versions
  • Siemens SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0): All versions
  • Siemens SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0): All versions
  • Siemens SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0): All versions
  • Siemens SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0): All versions
  • Siemens SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0): All versions
  • Siemens SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0): All versions
  • Siemens RUGGEDCOM ROX RX1500: All versions prior to V2.15.0
  • Siemens SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0): All versions
  • Siemens SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0): All versions
  • Siemens SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0): All versions
  • Siemens SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0): All versions
  • Siemens SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0): All versions
  • Siemens SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0): All versions
  • Siemens SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0): All versions
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0): All versions
  • Siemens RUGGEDCOM ROX RX1501: All versions prior to V2.15.0
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0): All versions
  • Siemens SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0): All versions
  • Siemens SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0): All versions prior to V1.2
  • Siemens SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0): All versions prior to V1.2
  • Siemens SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0): All versions prior to V1.2
  • Siemens SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0): All versions prior to V1.2
  • Siemens SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0): All versions prior to V1.2
  • Siemens SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0): All versions prior to V1.2
  • Siemens SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2
  • Siemens SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS READ CWE-125

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL’s own “d2i” functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function.

Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the “data” field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

CVE-2021-3712 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H).
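
The bug class described in 3.2.1, reduced to a small C illustration that is added here as an example and is not OpenSSL or Siemens code. The `counted_str` type, both copy functions and the buffer contents are hypothetical; the neighbouring bytes are placed in the same array as the string so the over-read is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-counted string such as ASN1_STRING:
 * a data pointer plus an explicit length, with no guarantee that
 * data[length] is a NUL byte. */
typedef struct {
    const unsigned char *data;
    size_t length;
} counted_str;

/* Constructed sample memory. NAME is the logical string; NEIGHBOR stands
 * for unrelated bytes that happen to follow it. Both live in one array so
 * the over-read below stays inside a valid object and is deterministic. */
#define NAME     "plc01.example"
#define NEIGHBOR "KEY=constructed-secret"
static const unsigned char arena[] = NAME NEIGHBOR;

/* Built the way the advisory describes: fields set directly, so the byte
 * after the string is 'K', not NUL. */
counted_str make_unterminated(void)
{
    counted_str s = { arena, sizeof(NAME) - 1 };
    return s;
}

/* Flawed pattern: treats data as a C string and ignores length. */
size_t copy_assuming_nul(const counted_str *s, char *out, size_t outsz)
{
    if (outsz == 0) return 0;
    size_t n = strlen((const char *)s->data);  /* runs until some NUL */
    if (n >= outsz) n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Corrected pattern: the length field is the only bound on the read. */
size_t copy_by_length(const counted_str *s, char *out, size_t outsz)
{
    if (outsz == 0) return 0;
    size_t n = s->length;
    if (n >= outsz) n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[128];
    counted_str s = make_unterminated();

    copy_assuming_nul(&s, buf, sizeof buf);
    printf("assumes NUL : %s\n", buf);

    copy_by_length(&s, buf, sizeof buf);
    printf("uses length : %s\n", buf);

    /* Printing directly with an explicit precision also honours length. */
    printf("precision   : %.*s\n", (int)s.length, (const char *)s.data);
    return 0;
}
```

In a real process the bytes after the string are whatever the allocator placed there, which is why the advisory lists both a crash and disclosure of memory contents as outcomes.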

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Industrial Edge – Machine Insight App, SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC 
(6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SINEMA Server V14: Currently no fix is planned
  • SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): Update to V2.2.28 or later version
  • SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3), SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3), SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6), SCALANCE X202-2IRT (6GK5202-2BB00-2BA3), SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3), SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6), SCALANCE X204IRT (6GK5204-0BA00-2BA3), SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6), SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2), SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2), SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2), SCALANCE XF204IRT (6GK5204-0BA00-2BF2): Update to V5.5.2 or later version
  • SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Update to V3.3.46 or later version
  • SINEC NMS: Update to V1.0.3 or later version
  • SINEMA Remote Connect Server: Update to V3.1 or later version
  • SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0): Update to V1.1 or later version
  • SINUMERIK Operate: Upgrade to V4.95 SP1 or later version. SINUMERIK software can be obtained from your local Siemens account manager.
  • SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Update to V4.5.2 or later version
  • SIMATIC Process Historian OPC UA Server: Update to V2020 SP1 or later version
  • SIMATIC Process Historian OPC UA Server: For PCS neo customers: Update to PCS neo V3.1 SP1 (https://support.industry.siemens.com/cs/ww/de/view/109807752/)
  • SIMATIC Process Historian OPC UA Server: For PCS 7 customers: Update to PCS 7 V9.1 SP1 (https://support.industry.siemens.com/cs/ww/en/view/109805073/)
  • SIMATIC Process Historian OPC UA Server: For WinCC customers: contact local support
  • TIA Administrator: Update to V1.0 SP7 or later version
  • SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2): Update to V2.3 or later version
  • SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): Update to V3.0.22 or later version
  • RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000: Update to V2.15.0 or later version
  • SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0): Update to V1.2 or later version
  • SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3), SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3), SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3), SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3), SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3), SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3), SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3), SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3), SCALANCE X304-2FE (6GK5304-2BD00-2AA3), SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3), SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3), SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3), SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3), SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3), SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3), SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3), SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3), SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3), SCALANCE X307-3 (6GK5307-3BL00-2AA3), SCALANCE X307-3 (6GK5307-3BL10-2AA3), SCALANCE X307-3LD (6GK5307-3BM00-2AA3), SCALANCE X307-3LD (6GK5307-3BM10-2AA3), SCALANCE X308-2 (6GK5308-2FL00-2AA3), SCALANCE X308-2 (6GK5308-2FL10-2AA3), SCALANCE X308-2LD (6GK5308-2FM00-2AA3), SCALANCE X308-2LD (6GK5308-2FM10-2AA3), SCALANCE X308-2LH (6GK5308-2FN00-2AA3), SCALANCE X308-2LH (6GK5308-2FN10-2AA3), SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3), SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3), SCALANCE X308-2M (6GK5308-2GG00-2AA2), SCALANCE X308-2M (6GK5308-2GG10-2AA2), SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2), SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2), SCALANCE X308-2M TS (6GK5308-2GG00-2CA2), SCALANCE X308-2M TS (6GK5308-2GG10-2CA2), SCALANCE X310 (6GK5310-0FA00-2AA3), SCALANCE X310 (6GK5310-0FA10-2AA3), SCALANCE X310FE (6GK5310-0BA00-2AA3), SCALANCE X310FE (6GK5310-0BA10-2AA3), SCALANCE X320-1 FE (6GK5320-1BD00-2AA3), SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3), SCALANCE X408-2 (6GK5408-2FD00-2AA2), SCALANCE XR324-12M (230V, ports on front) 
(6GK5324-0GG00-3AR2), SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2), SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2), SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2), SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2), SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2), SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2), SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2), SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2), SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2), SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2), SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2), SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2), SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2), SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2), SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2), SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2), SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2), SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2), SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2), SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2), SCALANCE XR324-4M PoE (24V, 
ports on rear) (6GK5324-4QG00-1HR2), SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2), SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3): Update to V4.1.4 or later version
  • Industrial Edge – PROFINET IO Connector: Use the Edge Management System to update to V1.1.1 or later version
  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 (6GK5615-0AA00-2AA2): Update to V7.1 or later version
  • SIMATIC PCS neo (Administration Console): Update to V3.1 SP 1 or later version
  • SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0): Update to V3.0.0 or later version
  • SCALANCE X204-2 (6GK5204-2BB10-2AA3), SCALANCE X204-2FM (6GK5204-2BB11-2AA3), SCALANCE X204-2LD (6GK5204-2BC10-2AA3), SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2), SCALANCE X204-2TS (6GK5204-2BB10-2CA2), SCALANCE X206-1 (6GK5206-1BB10-2AA3), SCALANCE X206-1LD (6GK5206-1BC10-2AA3), SCALANCE X208 (6GK5208-0BA10-2AA3), SCALANCE X208PRO (6GK5208-0HA10-2AA6), SCALANCE X212-2 (6GK5212-2BB00-2AA3), SCALANCE X212-2LD (6GK5212-2BC00-2AA3), SCALANCE X216 (6GK5216-0BA00-2AA3), SCALANCE X224 (6GK5224-0BA00-2AA3), SCALANCE XF204 (6GK5204-0BA00-2AF2), SCALANCE XF204-2 (6GK5204-2BC00-2AF2), SCALANCE XF206-1 (6GK5206-1BC00-2AF2), SCALANCE XF208 (6GK5208-0BA00-2AF2): Update to V5.2.6 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-244969 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

  • September 16, 2025: Initial Republication of Siemens SSA-244969

Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter


1. EXECUTIVE SUMMARY

  • CVSS v4 5.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter
  • Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to read or modify data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Schneider Electric ATVdPAC module: Versions prior to 25.0
  • Schneider Electric Altivar Process Drives ATV930: All versions
  • Schneider Electric Altivar Process Drives ATV950: All versions
  • Schneider Electric Altivar Process Drives ATV955: All versions
  • Schneider Electric Altivar Process Drives ATV960: All versions
  • Schneider Electric Altivar Process Drives ATV980: All versions
  • Schneider Electric Altivar Process Drives ATV9A0: All versions
  • Schneider Electric Altivar Process Drives ATV9B0: All versions
  • Schneider Electric Altivar Process Drives ATV9L0: All versions
  • Schneider Electric Altivar Process Drives ATV991: All versions
  • Schneider Electric Altivar Process Drives ATV992: All versions
  • Schneider Electric Altivar Process Drives ATV993: All versions
  • Schneider Electric ILC992 InterLink Converter: All versions
  • Schneider Electric Altivar Machine Drives ATV340E: All versions
  • Schneider Electric Altivar Process Drives ATV6000 Medium Voltage: All versions
  • Schneider Electric Altivar Soft Starter ATS490: All versions
  • Schneider Electric Altivar Process Communication Modules VW3A3720: All versions
  • Schneider Electric Altivar Process Communication Modules VW3A3721: All versions
  • Schneider Electric Altivar Process Drives ATV630: All versions
  • Schneider Electric Altivar Process Drives ATV650: All versions
  • Schneider Electric Altivar Process Drives ATV660: All versions
  • Schneider Electric Altivar Process Drives ATV680: All versions
  • Schneider Electric Altivar Process Drives ATV6A0: All versions
  • Schneider Electric Altivar Process Drives ATV6B0: All versions
  • Schneider Electric Altivar Process Drives ATV6L0: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in which unvalidated data injected by a malicious user could lead to data being read or modified in a victim’s browser.

CVE-2025-7746 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-7746. A base score of 5.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Thomas Weber, David Blagojevic of CyberDanube reported this vulnerability to Schneider Electric.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Schneider Electric ATVdPAC module Versions prior to 25.0: Version 25.0 of VW3A3530D: ATVdPAC module includes a fix for this vulnerability and is available upon request from Schneider Electric’s Customer Care Center.
  • Schneider Electric ATVdPAC module Versions prior to 25.0: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: end-user cybersecurity awareness and workstation protections; deactivate the webserver after use when not needed; set up network segmentation and implement a firewall to block all unauthorized access to port 80/HTTP; use VPN (Virtual Private Network) tunnels if remote access is required.
  • Schneider Electric ATV630 Altivar Process Drives All Versions, Schneider Electric ATV650 Altivar Process Drives All Versions, Schneider Electric ATV660 Altivar Process Drives All Versions, Schneider Electric ATV680 Altivar Process Drives All Versions, Schneider Electric ATV6A0 Altivar Process Drives All Versions, Schneider Electric ATV6B0 Altivar Process Drives All Versions, Schneider Electric ATV6L0 Altivar Process Drives All Versions, Schneider Electric ATV930 Altivar Process Drives All Versions, Schneider Electric ATV950 Altivar Process Drives All Versions, Schneider Electric ATV955 Altivar Process Drives All Versions, Schneider Electric ATV960 Altivar Process Drives All Versions, Schneider Electric ATV980 Altivar Process Drives All Versions, Schneider Electric ATV9A0 Altivar Process Drives All Versions, Schneider Electric ATV9B0 Altivar Process Drives All Versions, Schneider Electric ATV9L0 Altivar Process Drives All Versions, Schneider Electric ATV991 Altivar Process Drives All Versions, Schneider Electric ATV992 Altivar Process Drives All Versions, Schneider Electric ATV993 Altivar Process Drives All Versions, Schneider Electric ILC992 InterLink Converter All Versions, Schneider Electric ATV340E Altivar Machine Drives All Versions, Schneider Electric ATV6000 Medium Voltage Altivar Process Drives All Versions, Schneider Electric ATS490 Altivar Soft Starter All Versions, Schneider Electric Altivar Process Communication Modules All Versions: Schneider Electric is establishing a remediation plan for all future versions of these products that will include a fix for this vulnerability. 
    Until then, users should immediately apply the following mitigations to reduce the risk of exploit: end-user cybersecurity awareness and workstation protections; deactivate the webserver after use when not needed; set up network segmentation and implement a firewall to block all unauthorized access to port 80/HTTP; use VPN (Virtual Private Network) tunnels if remote access is required.

The following product version has been fixed:

  • ATVdPAC module Version 25.0 is a fixed version for CVE-2025-7746

For more information, see the associated Schneider Electric CPCERT security advisory SEVD-2025-252-01, Multiple Altivar Process Drives and Communication Modules, available in PDF and CSAF versions.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 16, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2025-252-01

Siemens RUGGEDCOM, SINEC NMS, and SINEMA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: RUGGEDCOM, SINEC NMS, and SINEMA
  • Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Write, Server-Side Request Forgery (SSRF)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service, crash the product, or perform remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens RUGGEDCOM NMS: All versions when using the device firmware upgrade mechanism (CVE-2021-34798)
  • Siemens SINEC NMS: < V1.0.3
  • Siemens SINEMA Remote Connect Server: < V3.1 (CVE-2021-34798)
  • Siemens SINEMA Server V14: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 NULL POINTER DEREFERENCE CWE-476

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-39275 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.3 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-40438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SINEC NMS: Update to V1.0.3 or later version
  • (CVE-2021-34798) All affected products: Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only
  • (CVE-2021-34798) RUGGEDCOM NMS, SINEMA Server V14: Currently no fix is planned
  • (CVE-2021-34798) SINEMA Remote Connect Server: Update to V3.1 or later version
  • (CVE-2021-39275, CVE-2021-40438) SINEC NMS, SINEMA Server V14: Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only
  • (CVE-2021-39275, CVE-2021-40438) SINEMA Server V14: Currently no fix is planned

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-685781 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 16, 2025: Initial Republication of Siemens ProductCERT SSA-685781

Delta Electronics DIALink


1. EXECUTIVE SUMMARY

  • CVSS v4 10.0
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Delta Electronics
  • Equipment: DIALink
  • Vulnerabilities: Path Traversal

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics DIALink are affected:

  • DIALink: Versions V1.6.0.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Delta Electronics DIALink has an Improper Limitation of a Pathname to a Restricted Directory vulnerability which could allow an attacker to bypass authentication.

CVE-2025-58320 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2025-58320. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N).

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Delta Electronics DIALink has an Improper Limitation of a Pathname to a Restricted Directory vulnerability which could allow an attacker to bypass authentication.

CVE-2025-58321 has been assigned to this vulnerability. A CVSS v3.1 base score of 10 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-58321. A base score of 10 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

An anonymous researcher working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

Delta Electronics recommends that users download and upgrade to DIALink v1.8.0.0 or later. The latest version can be found at the Delta Download Center.

Delta Electronics has the following general recommendations for users to follow:

  • Don’t click on untrusted Internet links or open unsolicited attachments in emails.
  • Avoid exposing control systems and equipment to the Internet.
  • Place systems and devices behind a firewall and isolate them from the business network.
  • When remote access is required, use a secure access method, such as a virtual private network (VPN).

Users are encouraged to see Delta-PCSA-2025-00016_DIALink for more information.

For more information, contact Delta Electronics.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 16, 2025: Initial Publication

Siemens User Management Component (UMC)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: User Management Component (UMC)
  • Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SIMATIC PCS neo V4.1: All versions
  • Siemens SIMATIC PCS neo V5.0: All versions
  • Siemens User Management Component (UMC): Versions prior to 2.15.1.3

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition.

CVE-2025-40795 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40795. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 OUT-OF-BOUNDS READ CWE-125

Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition.

CVE-2025-40796 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40796. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.3 OUT-OF-BOUNDS READ CWE-125

Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition.

CVE-2025-40797 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40797. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.4 OUT-OF-BOUNDS READ CWE-125

Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition.

CVE-2025-40798 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40798. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Tenable reported these vulnerabilities to Siemens.

4. MITIGATIONS

Siemens has released a new version for User Management Component (UMC) and recommends updating to the latest version. Siemens recommends specific countermeasures for products where fixes are not available or are not yet available.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • User Management Component (UMC): Update to V2.15.1.3 or later version.
  • All affected products: In non-networked scenarios/deployments, block TCP ports 4002 and 4004 on machines with UMC installed. If the deployment is not using the ‘RT Server’ type of UMC machine, port 4004 can be blocked everywhere without impacting network functionality for all other UMC machine-types (Server, Ring-Server, Agent).
  • SIMATIC PCS neo V4.1, SIMATIC PCS neo V5.0: No fix is currently planned.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information, see the associated Siemens security advisory SSA-722410 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as virtual private networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 11, 2025: Initial Republication of Siemens SSA-722410

Siemens SINEC OS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


1. EXECUTIVE SUMMARY

  • CVSS v4 2.3
  • ATTENTION: Exploitable from adjacent network
  • Vendor: Siemens
  • Equipment: SINEC OS
  • Vulnerabilities: Uncontrolled Resource Consumption, Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to access non-sensitive information without authentication or potentially cause a temporary denial of service.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

The affected device may be susceptible to resource exhaustion when subjected to high volumes of query requests. This could allow an attacker to cause a temporary denial of service, with the system recovering once the activity stops.

CVE-2025-40802 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

A CVSS v4 score has also been calculated for CVE-2025-40802. A base score of 2.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.2 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially leading to a breach of confidentiality.

CVE-2025-40803 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-40803. A base score of 2.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • RUGGEDCOM RST2428P (6GK6242-6PA00): Create a firewall rule that blocks the UDP ports if not required. The device uses UDP 34964 and one port in range 49152-65535 for discovery protocols like LLDP, DCP, MRP etc.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-494539 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

5. UPDATE HISTORY

  • September 11, 2025: Initial Republication of Siemens ProductCERT SSA-494539

Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110


1. EXECUTIVE SUMMARY

  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110
  • Vulnerability: Files or Directories Accessible to External Parties

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver’s proper behavior by removing specific files or directories from the filesystem.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Modicon M340: All versions
  • Modbus/TCP Ethernet Modicon M340 module: Versions prior to SV3.60
  • Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to SV6.80

3.2 VULNERABILITY OVERVIEW

3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552

A Files or Directories Accessible to External Parties vulnerability exists which may prevent users from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

CVE-2024-5056 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2024-5056. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Yanis Wang of DAS-Security reported this vulnerability to Schneider Electric. Schneider Electric reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

Modbus/TCP Ethernet Modicon M340 module: Version SV3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here.

Modbus/TCP Ethernet Modicon M340 FactoryCast module: Version SV6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here.

Schneider Electric is establishing a remediation plan for all future versions of Modicon M340 that will include a fix for this vulnerability. They will provide an update when the remediation is available. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:

  • Set up network segmentation and implement a firewall to block all unauthorized access to FTP port 21/TCP on the devices.
  • FTP service is disabled by default. Deactivate the FTP service after use when not needed.
  • Configure the Access Control List following the recommendations of the user manual “Modicon M340 for Ethernet Communications Modules and Processors User Manual” in chapter “Messaging Configuration Parameters”.
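
One way to confirm that the port restrictions are actually enforced is to audit a firewall flow export against the policy. The following is an added example, not code from CISA, Schneider Electric or Siemens; it covers the FTP 21/TCP restriction above and the UDP 34964 / 49152-65535 rule given for the RUGGEDCOM RST2428P in the Siemens advisory. The device subnets, the allowed source, and the CSV column layout are all assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed policy: device subnets and the allow-list are placeholders.
POLICY = [
    {"rule": "m340-ftp", "devices": ip_network("192.0.2.0/28"), "proto": "tcp",
     "ports": [range(21, 22)],                          # FTP 21/TCP
     "allowed_src": [ip_network("198.51.100.10/32")]},  # engineering station
    {"rule": "rst2428p-udp", "devices": ip_network("192.0.2.32/28"), "proto": "udp",
     "ports": [range(34964, 34965), range(49152, 65536)],
     "allowed_src": []},                                # ports not required here
]

# Constructed firewall flow export, not real traffic.
FLOWS = """\
ts,src,dst,proto,dport,action
2025-09-11T08:00:01Z,198.51.100.10,192.0.2.5,tcp,21,ALLOW
2025-09-11T08:02:13Z,203.0.113.77,192.0.2.5,tcp,21,ALLOW
2025-09-11T08:02:40Z,203.0.113.77,192.0.2.6,tcp,21,DENY
2025-09-11T08:05:09Z,198.51.100.23,192.0.2.33,udp,34964,ALLOW
2025-09-11T08:05:10Z,198.51.100.23,192.0.2.33,udp,50000,DENY
2025-09-11T08:06:00Z,198.51.100.23,192.0.2.33,udp,161,ALLOW
2025-09-11T08:07:00Z,198.51.100.23,192.0.2.5,tcp,502,ALLOW
"""

def matching_rule(dst, proto, dport):
    """Return the policy rule guarding this destination and port, or None."""
    for rule in POLICY:
        if (dst in rule["devices"] and proto == rule["proto"]
                and any(dport in r for r in rule["ports"])):
            return rule
    return None

def audit(flow_csv):
    """Sort guarded-port flows from unapproved sources into gaps and blocked."""
    gaps, blocked = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        rule = matching_rule(dst, row["proto"].lower(), int(row["dport"]))
        if rule is None or any(src in net for net in rule["allowed_src"]):
            continue  # port not guarded by the policy, or an approved source
        hit = (rule["rule"], row["src"], row["dst"], int(row["dport"]))
        (gaps if row["action"].upper() == "ALLOW" else blocked).append(hit)
    return gaps, blocked

if __name__ == "__main__":
    gaps, blocked = audit(FLOWS)
    print("permitted but should be blocked:", gaps)
    print("denied as intended:", blocked)
```

Entries in the first list are firewall gaps to close; entries in the second show the rule working and are worth correlating with other monitoring.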

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2024-163-01, SEVD-2024-163-01 CSAF Version.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 11, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2024-163-01

Schneider Electric EcoStruxure


1. EXECUTIVE SUMMARY

  • CVSS v4 4.1
  • ATTENTION: Exploitable from an adjacent network
  • Vendor: Schneider Electric
  • Equipment: EcoStruxure
  • Vulnerabilities: Uncontrolled Resource Consumption, Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclose sensitive credential data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Schneider Electric products are affected:

  • EcoStruxure Building Operation Enterprise Server 7.x: Versions prior to 7.0.2.348
  • EcoStruxure Building Operation Enterprise Server 6.x: Versions prior to 6.0.4.10001 (CP8)
  • EcoStruxure Building Operation Enterprise Server 5.x: Versions prior to 5.0.3.17009 (CP16)
  • EcoStruxure Enterprise Server 7.x: Versions prior to 7.0.2.348
  • EcoStruxure Enterprise Server 6.x: Versions prior to 6.0.4.10001 (CP8)
  • EcoStruxure Enterprise Server 5.x: Versions prior to 5.0.3.17009 (CP16)
  • EcoStruxure Workstation 7.x: Versions prior to 7.0.2.348
  • EcoStruxure Workstation 6.x: Versions prior to 6.0.4.10001 (CP8)
  • EcoStruxure Workstation 5.x: Versions prior to 5.0.3.17009 (CP16)
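
Because each major branch has its own fixed build, an inventory has to be compared branch by branch and numerically, not as strings. The following triage script is an added example, not Schneider Electric or CISA code; the fixed builds are the ones listed above, while the hostnames and installed versions are constructed.

```python
import re

# Fixed builds per major branch, taken from the affected-products list above.
FIXED = {7: (7, 0, 2, 348), 6: (6, 0, 4, 10001), 5: (5, 0, 3, 17009)}

def parse_version(text):
    """'6.0.4.10001 (CP8)' -> (6, 0, 4, 10001); a trailing '(CPn)' label is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(installed):
    """Classify one installed version against the fixed build of its own branch."""
    ver = parse_version(installed)
    fixed = FIXED.get(ver[0])
    if fixed is None:
        return "not-listed"  # branch is not covered by this advisory
    # Pad short versions with zeros so '7.0.2' compares as 7.0.2.0 (conservative).
    width = max(len(ver), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    # Integer tuples compare numerically: 9999 < 10001, unlike the strings.
    return "affected" if pad(ver) < pad(fixed) else "fixed"

# Constructed inventory: hostnames and builds are hypothetical.
INVENTORY = [
    ("bms-es-01", "Enterprise Server", "7.0.1.100"),
    ("bms-es-02", "Enterprise Server", "6.0.4.9999"),
    ("bms-ws-07", "Workstation", "6.0.4.10001 (CP8)"),
    ("bms-ws-09", "Workstation", "5.0.3.17009"),
    ("bms-es-03", "Enterprise Server", "4.0.3.5000"),
    ("bms-ws-11", "Workstation", "7.0.2"),
]

def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'not-listed'."""
    return {host: status(version) for host, _product, version in inventory}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```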

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

An uncontrolled resource consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.

CVE-2025-8449 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-8449. A base score of 4.1 has been calculated; the CVSS vector string is (AV:A/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.2 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

An exposure of sensitive information to an unauthorized actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.

CVE-2025-8448 has been assigned to this vulnerability. A CVSS v3.1 base score of 2.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-8448. A base score of 1.0 has been calculated; the CVSS vector string is (AV:A/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Pentest Limited reported these vulnerabilities to Schneider Electric.

4. MITIGATIONS

Schneider Electric recommends that users update to the following versions of Enterprise Server, Enterprise Central, and Workstation, which include a fix for the vulnerabilities:

  • 7.0.2.348
  • 6.0.4.10001 (CP8)
  • 5.0.3.17009 (CP16)

To receive the patch:

If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:

  • Implement strong access controls to limit system access to authorized personnel.
  • Use multi-factor authentication if using EBO version 7.0 or later.
  • Use firewalls to segregate networks and protect the building management system.
  • Regularly monitor system activity.

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-224-04.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 11, 2025: Initial Republication of Schneider Electric SEVD-2025-224-04