icsa-22-104-05
Vulnerability from csaf_cisa
Published
2022-04-14 00:00
Modified
2022-05-12 00:00
Summary
Siemens OpenSSL Vulnerabilities in Industrial Products
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target this vulnerability.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting this vulnerability to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.", title: "Risk evaluation", }, { category: "other", text: "Critical Manufacturing", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target this vulnerability.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-772220: OpenSSL Vulnerabilities in Industrial Products - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-772220.json", }, { category: "self", summary: "ICS Advisory ICSA-22-104-05 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-104-05.json", }, { category: "self", summary: "ICS Advisory ICSA-22-104-05 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-05", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-772220: OpenSSL Vulnerabilities in Industrial Products - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", }, { category: "external", summary: "SSA-772220: OpenSSL Vulnerabilities in Industrial Products - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-772220.txt", }, ], title: "Siemens OpenSSL Vulnerabilities in Industrial Products", tracking: { current_release_date: "2022-05-12T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-22-104-05", initial_release_date: "2022-04-14T00:00:00.000000Z", revision_history: [ { date: "2022-04-14T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-22-104-05 Siemens OpenSSL Vulnerabilities in Industrial Products", }, { date: "2022-05-12T00:00:00.000000Z", legacy_version: "A", number: "2", summary: "ICSA-22-104-05 Siemens OpenSSL Vulnerabilities in Industrial Products (Update A)", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: ">= V5.2.0 < V5.3 only when running on ROX II V2.14.0", product: { name: "RUGGEDCOM CROSSBOW Station Access Controller (SAC)", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "RUGGEDCOM CROSSBOW Station Access Controller (SAC)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)", product_id: "CSAFPID-0002", product_identification_helper: { model_numbers: [ "6GK6108-4AM00-2BA2", ], }, }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)", product_id: "CSAFPID-0003", product_identification_helper: { model_numbers: [ "6GK6108-4AM00-2DA2", ], }, }, }, ], category: "product_name", name: "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)", }, { branches: [ { category: "product_version_range", name: "< V1.1", product: { name: "SCALANCE LPE9403 (6GK5998-3GS00-2AC2)", product_id: "CSAFPID-0004", product_identification_helper: { model_numbers: [ "6GK5998-3GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE LPE9403 (6GK5998-3GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M804PB (6GK5804-0AP00-2AA2)", product_id: "CSAFPID-0005", product_identification_helper: { model_numbers: [ "6GK5804-0AP00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M804PB (6GK5804-0AP00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2)", product_id: "CSAFPID-0006", product_identification_helper: { model_numbers: [ "6GK5812-1AA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2)", product_id: "CSAFPID-0007", product_identification_helper: { model_numbers: [ "6GK5812-1BA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2)", product_id: "CSAFPID-0008", product_identification_helper: { model_numbers: [ "6GK5816-1AA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2)", product_id: "CSAFPID-0009", product_identification_helper: { model_numbers: [ "6GK5816-1BA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)", product_id: "CSAFPID-00010", product_identification_helper: { model_numbers: [ "6GK5826-2AB00-2AB2", ], }, }, }, ], category: "product_name", name: "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M874-2 (6GK5874-2AA00-2AA2)", product_id: "CSAFPID-00011", product_identification_helper: { model_numbers: [ "6GK5874-2AA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M874-2 (6GK5874-2AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M874-3 (6GK5874-3AA00-2AA2)", product_id: "CSAFPID-00012", product_identification_helper: { model_numbers: [ "6GK5874-3AA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M874-3 (6GK5874-3AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2)", product_id: "CSAFPID-00013", product_identification_helper: { model_numbers: [ "6GK5876-3AA02-2BA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)", product_id: "CSAFPID-00014", product_identification_helper: { model_numbers: [ "6GK5876-3AA02-2EA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)", product_id: "CSAFPID-00015", product_identification_helper: { model_numbers: [ "6GK5876-4AA00-2BA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)", }, { branches: [ { category: "product_version_range", name: ">= V6.2 < V7.1", product: { name: "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)", product_id: "CSAFPID-00016", product_identification_helper: { model_numbers: [ "6GK5876-4AA00-2DA2", ], }, }, }, ], category: "product_name", name: "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)", }, { branches: [ { category: "product_version_range", name: ">= V4.1", product: { name: "SCALANCE S602", product_id: "CSAFPID-00017", }, }, ], category: "product_name", name: "SCALANCE S602", }, { branches: [ { category: "product_version_range", name: ">= V4.1", product: { name: "SCALANCE S612", product_id: "CSAFPID-00018", }, }, ], category: "product_name", name: "SCALANCE S612", }, { branches: [ { category: "product_version_range", name: ">= V6.2 <V7.1", product: { name: "SCALANCE S615 (6GK5615-0AA00-2AA2)", product_id: "CSAFPID-00019", product_identification_helper: { model_numbers: [ "6GK5615-0AA00-2AA2", ], }, }, }, ], category: "product_name", name: "SCALANCE S615 (6GK5615-0AA00-2AA2)", }, { branches: [ { category: "product_version_range", name: ">= V4.1", product: { name: "SCALANCE S623", product_id: "CSAFPID-00020", }, }, ], category: "product_name", name: "SCALANCE S623", }, { branches: [ { category: "product_version_range", name: ">= V4.1", product: { name: "SCALANCE S627-2M", product_id: "CSAFPID-00021", }, }, ], category: "product_name", name: "SCALANCE S627-2M", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.1.4", product: { name: "SCALANCE SC622-2C (6GK5622-2GS00-2AC2)", product_id: "CSAFPID-00022", product_identification_helper: { model_numbers: [ "6GK5622-2GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE SC622-2C (6GK5622-2GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.1.4", product: { name: "SCALANCE SC632-2C (6GK5632-2GS00-2AC2)", product_id: "CSAFPID-00023", product_identification_helper: { model_numbers: [ "6GK5632-2GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE SC632-2C (6GK5632-2GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.1.4", product: { name: "SCALANCE SC636-2C (6GK5636-2GS00-2AC2)", product_id: "CSAFPID-00024", product_identification_helper: { model_numbers: [ "6GK5636-2GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE SC636-2C (6GK5636-2GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.1.4", product: { name: "SCALANCE SC642-2C (6GK5642-2GS00-2AC2)", product_id: "CSAFPID-00025", product_identification_helper: { model_numbers: [ "6GK5642-2GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE SC642-2C (6GK5642-2GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.1.4", product: { name: "SCALANCE SC646-2C (6GK5646-2GS00-2AC2)", product_id: "CSAFPID-00026", product_identification_helper: { model_numbers: [ "6GK5646-2GS00-2AC2", ], }, }, }, ], category: "product_name", name: "SCALANCE SC646-2C (6GK5646-2GS00-2AC2)", }, { branches: [ { category: "product_version_range", name: ">= V6.5", product: { name: "SCALANCE W-700 IEEE 802.11n family", product_id: "CSAFPID-00027", }, }, ], category: "product_name", name: "SCALANCE W-700 IEEE 802.11n family", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0)", product_id: "CSAFPID-00028", product_identification_helper: { model_numbers: [ "6GK5748-1GY01-0TA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0)", product_id: "CSAFPID-00029", product_identification_helper: { model_numbers: [ "6GK5748-1GY01-0AA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0)", product_id: "CSAFPID-00030", product_identification_helper: { model_numbers: [ "6GK5788-1GY01-0AA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0)", product_id: "CSAFPID-00031", product_identification_helper: { model_numbers: [ "6GK5788-2GY01-0TA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0)", product_id: "CSAFPID-00032", product_identification_helper: { model_numbers: [ "6GK5788-2GY01-0AA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V3.0", product: { name: "SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0)", product_id: "CSAFPID-00033", product_identification_helper: { model_numbers: [ "6GK5788-2HY01-0AA0", ], }, }, }, ], category: "product_name", name: "SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0)", }, { branches: [ { category: "product_version_range", name: "< V4.3", product: { name: "SCALANCE XB-200", product_id: "CSAFPID-00034", }, }, ], category: "product_name", name: "SCALANCE XB-200", }, { branches: [ { category: "product_version_range", name: "< V4.3", product: { name: "SCALANCE XC-200", product_id: "CSAFPID-00035", }, }, ], category: "product_name", name: "SCALANCE XC-200", }, { branches: [ { category: "product_version_range", name: "< V4.3", product: { name: "SCALANCE XF-200BA", product_id: "CSAFPID-00036", }, }, ], category: "product_name", name: "SCALANCE XF-200BA", }, { branches: [ { category: "product_version_range", name: "< V6.4", product: { name: "SCALANCE XM-400", product_id: "CSAFPID-00037", }, }, ], category: "product_name", name: "SCALANCE XM-400", }, { branches: [ { category: "product_version_range", name: "< V4.3", product: { name: "SCALANCE XP-200", product_id: "CSAFPID-00038", }, }, ], category: "product_name", name: "SCALANCE XP-200", }, { branches: [ { category: "product_version_range", name: "< V4.3", product: { name: "SCALANCE XR-300WG", product_id: "CSAFPID-00039", }, }, ], category: "product_name", name: "SCALANCE XR-300WG", }, { branches: [ { category: "product_version_range", name: "< V6.4", product: { name: "SCALANCE XR-500 Family", product_id: "CSAFPID-00040", }, }, ], category: "product_name", name: "SCALANCE XR-500 Family", }, { branches: [ { category: "product_version_range", name: ">= V1.1 < V1.6", product: { name: "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00)", product_id: "CSAFPID-00041", product_identification_helper: { model_numbers: [ "6GK1411-1AC00", ], }, }, }, ], category: "product_name", name: "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00)", }, { branches: [ { category: "product_version_range", name: ">= V1.1 < V1.6", product: { name: "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00)", product_id: "CSAFPID-00042", product_identification_helper: { model_numbers: [ "6GK1411-5AC00", ], }, }, }, ], category: "product_name", name: "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)", product_id: "CSAFPID-00043", product_identification_helper: { model_numbers: [ "6GK7242-7KX31-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)", product_id: "CSAFPID-00044", product_identification_helper: { model_numbers: [ "6GK7243-1BX30-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)", product_id: "CSAFPID-00045", product_identification_helper: { model_numbers: [ "6GK7243-7KX30-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)", product_id: "CSAFPID-00046", product_identification_helper: { model_numbers: [ "6GK7243-7SX30-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)", product_id: "CSAFPID-00047", product_identification_helper: { model_numbers: [ "6GK7243-8RX30-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.1 < V2.2.28", product: { name: "SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0)", product_id: "CSAFPID-00048", product_identification_helper: { model_numbers: [ "6GK7542-6VX00-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.2 < V3.0", product: { name: "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0)", product_id: "CSAFPID-00049", product_identification_helper: { model_numbers: [ "6GK7543-1AX00-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.1 < V2.2.28", product: { name: "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0)", product_id: "CSAFPID-00050", product_identification_helper: { model_numbers: [ "6GK7543-6WX00-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0)", }, { branches: [ { category: "product_version_range", name: ">= V1.0 < V1.1", product: { name: "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0)", product_id: "CSAFPID-00051", product_identification_helper: { model_numbers: [ "6GK7545-1GX00-0XE0", ], }, }, }, ], category: "product_name", name: "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0)", }, { branches: [ { category: "product_version_range", name: "< V17.0 Upd 2", product: { name: "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", product_id: "CSAFPID-00052", }, }, ], category: "product_name", name: "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "< V17.0 Upd 2", product: { name: "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", product_id: "CSAFPID-00053", }, }, ], category: "product_name", name: "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "< V17.0 Upd 2", product: { name: "SIMATIC HMI KTP Mobile Panels", product_id: "CSAFPID-00054", }, }, ], category: "product_name", name: "SIMATIC HMI KTP Mobile Panels", }, { branches: [ { category: "product_version_range", name: ">= V1.6 Upd2 < V1.6 Upd5", product: { name: "SIMATIC Logon (6ES7658-7BX61-0YA0)", product_id: "CSAFPID-00055", product_identification_helper: { model_numbers: [ "6ES7658-7BX61-0YA0", ], }, }, }, ], category: "product_name", name: "SIMATIC Logon (6ES7658-7BX61-0YA0)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV540 H (6GF3540-0GE10)", product_id: "CSAFPID-00056", product_identification_helper: { model_numbers: [ "6GF3540-0GE10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV540 H (6GF3540-0GE10)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV540 S (6GF3540-0CD10)", product_id: "CSAFPID-00057", product_identification_helper: { model_numbers: [ "6GF3540-0CD10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV540 S (6GF3540-0CD10)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV550 H (6GF3550-0GE10)", product_id: "CSAFPID-00058", product_identification_helper: { model_numbers: [ "6GF3550-0GE10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV550 H (6GF3550-0GE10)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV550 S (6GF3550-0CD10)", product_id: "CSAFPID-00059", product_identification_helper: { model_numbers: [ "6GF3550-0CD10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV550 S (6GF3550-0CD10)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV560 U (6GF3560-0LE10)", product_id: "CSAFPID-00060", product_identification_helper: { model_numbers: [ "6GF3560-0LE10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV560 U (6GF3560-0LE10)", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC MV560 X (6GF3560-0HE10)", product_id: "CSAFPID-00061", product_identification_helper: { model_numbers: [ "6GF3560-0HE10", ], }, }, }, ], category: "product_name", name: "SIMATIC MV560 X (6GF3560-0HE10)", }, { branches: [ { category: "product_version_range", name: "< V9.1", product: { name: "SIMATIC PCS 7 TeleControl", product_id: "CSAFPID-00062", }, }, ], category: "product_name", name: "SIMATIC PCS 7 TeleControl", }, { branches: [ { category: "product_version_range", name: "< V3.1", product: { name: "SIMATIC PCS neo", product_id: "CSAFPID-00063", }, }, ], category: "product_name", name: "SIMATIC PCS neo", }, { branches: [ { category: "product_version_range", name: ">= V9.1 Upd 7 < V9.2 SP 1", product: { name: "SIMATIC PDM", product_id: "CSAFPID-00064", }, }, ], category: "product_name", name: "SIMATIC PDM", }, { branches: [ { category: "product_version_range", name: ">= 2019 < 2020 Upd1", product: { name: "SIMATIC Process Historian OPC UA Server", product_id: "CSAFPID-00065", }, }, ], category: "product_name", name: "SIMATIC Process Historian OPC UA Server", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF166C (6GT2002-0EE20)", product_id: "CSAFPID-00066", product_identification_helper: { model_numbers: [ "6GT2002-0EE20", ], }, }, }, ], category: "product_name", name: "SIMATIC RF166C (6GT2002-0EE20)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF185C (6GT2002-0JE10)", product_id: "CSAFPID-00067", product_identification_helper: { model_numbers: [ "6GT2002-0JE10", ], }, }, }, ], category: "product_name", name: "SIMATIC RF185C (6GT2002-0JE10)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF186C (6GT2002-0JE20)", product_id: "CSAFPID-00068", product_identification_helper: { model_numbers: [ "6GT2002-0JE20", ], }, }, }, ], category: "product_name", name: "SIMATIC RF186C (6GT2002-0JE20)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF186CI (6GT2002-0JE50)", product_id: "CSAFPID-00069", product_identification_helper: { model_numbers: [ "6GT2002-0JE50", ], }, }, }, ], category: "product_name", name: "SIMATIC RF186CI (6GT2002-0JE50)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF188C (6GT2002-0JE40)", product_id: "CSAFPID-00070", product_identification_helper: { model_numbers: [ "6GT2002-0JE40", ], }, }, }, ], category: "product_name", name: "SIMATIC RF188C (6GT2002-0JE40)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF188CI (6GT2002-0JE60)", product_id: "CSAFPID-00071", product_identification_helper: { model_numbers: [ "6GT2002-0JE60", ], }, }, }, ], category: "product_name", name: "SIMATIC RF188CI (6GT2002-0JE60)", }, { branches: [ { category: "product_version_range", name: "< V2.0", product: { name: "SIMATIC RF360R (6GT2801-5BA30)", product_id: "CSAFPID-00072", product_identification_helper: { model_numbers: [ "6GT2801-5BA30", ], }, }, }, ], category: "product_name", name: "SIMATIC RF360R (6GT2801-5BA30)", }, { branches: [ { category: "product_version_range", name: "< V4.0", product: { name: "SIMATIC RF610R (6GT2811-6BC10)", product_id: "CSAFPID-00073", product_identification_helper: { model_numbers: [ "6GT2811-6BC10", ], }, }, }, ], category: "product_name", name: "SIMATIC RF610R (6GT2811-6BC10)", }, { branches: [ { category: "product_version_range", name: "< V4.0", product: { name: "SIMATIC RF615R (6GT2811-6CC10)", product_id: "CSAFPID-00074", product_identification_helper: { model_numbers: [ "6GT2811-6CC10", ], }, }, }, ], category: "product_name", name: "SIMATIC RF615R (6GT2811-6CC10)", }, { branches: [ { category: "product_version_range", name: "< V4.0", product: { name: "SIMATIC RF650R (6GT2811-6AB20)", product_id: "CSAFPID-00075", product_identification_helper: { model_numbers: [ "6GT2811-6AB20", ], }, }, }, ], category: "product_name", name: "SIMATIC RF650R (6GT2811-6AB20)", }, { branches: [ { category: "product_version_range", name: "< V4.0", product: { name: "SIMATIC RF680R (6GT2811-6AA10)", product_id: "CSAFPID-00076", product_identification_helper: { model_numbers: [ "6GT2811-6AA10", ], }, }, }, ], category: "product_name", name: "SIMATIC RF680R (6GT2811-6AA10)", }, { branches: [ { category: "product_version_range", name: "< V4.0", product: { name: "SIMATIC RF685R (6GT2811-6CA10)", product_id: "CSAFPID-00077", product_identification_helper: { model_numbers: [ "6GT2811-6CA10", ], }, }, }, ], category: "product_name", name: "SIMATIC RF685R (6GT2811-6CA10)", }, { branches: [ { category: "product_version_range", name: "< V4.5.2", product: { name: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", product_id: "CSAFPID-00078", }, }, ], category: "product_name", name: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "< V2.9.3", product: { name: "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant)", product_id: "CSAFPID-00079", }, }, ], category: "product_name", name: "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant)", }, { branches: [ { category: "product_version_range", name: "< V17 Update 1", product: { name: "SIMATIC WinCC Runtime Advanced", product_id: "CSAFPID-00080", }, }, ], category: "product_name", name: "SIMATIC WinCC Runtime Advanced", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SIMATIC WinCC TeleControl", product_id: "CSAFPID-00081", }, }, ], category: "product_name", name: "SIMATIC WinCC TeleControl", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SINAMICS Connect 300", product_id: "CSAFPID-00082", }, }, ], category: "product_name", name: "SINAMICS Connect 300", }, { branches: [ { category: "product_version_range", name: ">= V1.0 SP1 < V1.0 SP2", product: { name: "SINEC NMS", product_id: "CSAFPID-00083", }, }, ], category: "product_name", name: "SINEC NMS", }, { branches: [ { category: "product_version_range", name: "All versions V14 < V14 SP3", product: { name: "SINEMA Server", product_id: "CSAFPID-00084", }, }, ], category: "product_name", name: "SINEMA Server", }, { branches: [ { category: "product_version_range", name: "< V3.1 SP1", product: { name: "SINUMERIK OPC UA Server", product_id: "CSAFPID-00085", }, }, ], category: "product_name", name: "SINUMERIK OPC UA Server", }, { branches: [ { category: "product_version_range", name: ">= V2.1 < V2.2.28", product: { name: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)", product_id: "CSAFPID-00086", product_identification_helper: { model_numbers: [ "6AG2542-6VX00-4XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.1 < V2.2.28", product: { name: "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0)", product_id: "CSAFPID-00087", product_identification_helper: { model_numbers: [ "6AG1543-6WX00-7XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.1 < V2.2.28", product: { name: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0)", product_id: "CSAFPID-00088", product_identification_helper: { model_numbers: [ "6AG2543-6WX00-4XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)", product_id: "CSAFPID-00089", product_identification_helper: { model_numbers: [ "6AG1242-7KX31-7XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.2 < V3.0", product: { name: "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0)", product_id: "CSAFPID-00090", product_identification_helper: { model_numbers: [ "6AG1543-1AX00-2XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)", product_id: "CSAFPID-00091", product_identification_helper: { model_numbers: [ "6AG1243-1BX30-2AX0", ], }, }, }, ], category: "product_name", name: "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)", }, { branches: [ { category: "product_version_range", name: ">= V3.1 < V3.3.46", product: { name: "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)", product_id: "CSAFPID-00092", product_identification_helper: { model_numbers: [ "6AG2243-1BX30-1XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.2", product: { name: "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)", product_id: "CSAFPID-00093", product_identification_helper: { model_numbers: [ "6AG1543-1MX00-7XE0", ], }, }, }, ], category: "product_name", name: "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)", }, { branches: [ { category: "product_version_range", name: "< V1.0 SP4", product: { name: "TIA Administrator", product_id: "CSAFPID-00094", }, }, ], category: "product_name", name: "TIA Administrator", }, { branches: [ { category: "product_version_range", name: ">= V2.0 < V2.2", product: { name: "TIM 1531 IRC (6GK7543-1MX00-0XE0)", product_id: "CSAFPID-00095", product_identification_helper: { model_numbers: [ "6GK7543-1MX00-0XE0", ], }, }, }, ], category: "product_name", name: "TIM 1531 IRC (6GK7543-1MX00-0XE0)", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-3449", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). CVE-2021-3449 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated. the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00029", "CSAFPID-00028", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", ], }, references: [ { category: "external", summary: "nvd.nist.gov", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Restrict access to Remote Access service, if used, to mitigate this issue. This service is disabled by default.", product_ids: [ "CSAFPID-00055", ], }, { category: "mitigation", details: "Restrict access to the command interface, if used, to mitigate this issue. This interface is disabled by default.", product_ids: [ "CSAFPID-00064", ], }, { category: "mitigation", details: "Update ROX II to V2.14.1 (\nhttps://support.industry.siemens.com/cs/ww/en/view/109800780/) or later version", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "use TLS v1.3 only", product_ids: [ "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00019", ], }, { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00027", "CSAFPID-00082", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-00081", ], }, { category: "vendor_fix", details: "Update to V2.2.28 or later version", product_ids: [ "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109817067/", }, { category: "vendor_fix", details: "Update to V3.1 or later version\nTo obtain SIMATIC PCS neo V3.1 contact your local support.", product_ids: [ "CSAFPID-00063", ], }, { category: "vendor_fix", details: "Update to V9.1 or later version", product_ids: [ "CSAFPID-00062", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109805072/", }, { category: "vendor_fix", details: "Update to V9.2 SP 1 or later version", product_ids: [ "CSAFPID-00064", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109805353/", }, { category: "vendor_fix", details: "Update to V1.6 Upd5 or later version", product_ids: [ "CSAFPID-00055", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109794407/", }, { category: "vendor_fix", details: "Update SIMATIC PCS neo to V3.1 or later version\nTo obtain SIMATIC PCS neo V3.1 contact your local support.", product_ids: [ "CSAFPID-00065", ], }, { category: "vendor_fix", details: "Update to V4.5.2 or later version", product_ids: [ "CSAFPID-00078", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109793280/", }, { category: "vendor_fix", details: "Update to V4.3 or later version", product_ids: [ "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00038", "CSAFPID-00039", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109799569", }, { category: "vendor_fix", details: "Update to V6.4 or later version", product_ids: [ "CSAFPID-00037", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109796319", }, { category: "vendor_fix", details: "Update to V6.4 or later version", product_ids: [ "CSAFPID-00040", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109796317", }, { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0004", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109805118/", }, { category: "vendor_fix", details: "Update to V7.1 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00019", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109807276", }, { category: "vendor_fix", details: "Update to V1.0 SP2", product_ids: [ "CSAFPID-00083", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109797645/", }, { category: "vendor_fix", details: "Update to V2.0 or later version", product_ids: [ "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109808633", }, { category: "vendor_fix", details: "Update to V2.0 or later version", product_ids: [ "CSAFPID-00072", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109808759", }, { category: "vendor_fix", details: "Update to V2.9.3 or later version", product_ids: [ "CSAFPID-00079", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109478459/", }, { category: "vendor_fix", details: "Update to V1.0 SP4 or later version", product_ids: [ "CSAFPID-00094", ], url: "https://support.industry.siemens.com/cs/ww/en/view/114358/", }, { category: "vendor_fix", details: "Update to V3.1 SP1 or later version", product_ids: [ "CSAFPID-00085", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109801292", }, { category: "vendor_fix", details: "Update to V17.0 Upd 2 or later version", product_ids: [ "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109746530/", }, { category: "vendor_fix", details: "Update to V17 Update 1 or later version", product_ids: [ "CSAFPID-00080", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109800912", }, { category: "vendor_fix", details: "Update to V3.3.46 or later version", product_ids: [ "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00089", "CSAFPID-00091", "CSAFPID-00092", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109812218", }, { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-00051", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109811116/", }, { category: "vendor_fix", details: "Update to V14 SP3 or later version", product_ids: [ "CSAFPID-00084", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109801374/", }, { category: "vendor_fix", details: "Update to V2.1.4 or later version", product_ids: [ "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109797244", }, { category: "vendor_fix", details: "Update to V1.6 or later version", product_ids: [ "CSAFPID-00041", "CSAFPID-00042", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109803418/", }, { category: "vendor_fix", details: "Update to V3.1 or later version", product_ids: [ "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109804366", }, { category: "vendor_fix", details: "Update to V2.2 or later version", product_ids: [ "CSAFPID-00093", "CSAFPID-00095", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109798331", }, { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-00049", "CSAFPID-00090", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109800773", }, { category: "vendor_fix", details: "Update to V5.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813558/", }, { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-00029", "CSAFPID-00028", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109808629/", }, { category: "vendor_fix", details: "Update to V4.0 or later version", product_ids: [ "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109808361", }, { category: "vendor_fix", details: "Update to V7.1 or later version", product_ids: [ "CSAFPID-0002", "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109807276/", }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00029", "CSAFPID-00028", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00029", "CSAFPID-00028", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", ], }, ], title: "CVE-2021-3449", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.