ICSA-21-315-03  ·  Published 2023-04-11

Siemens SIMATIC WinCC (Update E)

CVSS 9.9 CRITICAL

Remediations

  • CVE-2021-40358: Disable the webserver or only enable it temporarily, when needed
  • To fix CVE-2021-40359 see chapter "Additional Information"
  • Update to V8.2 SP1; then update SIMATIC WinCC to V7.4 SP1 Update 19 or later version to fix CVE-2021-40358 and CVE-2021-40364
  • Update to V15 SP1 Update 7 or later version
  • Update to V16 Update 5 or later version
  • Update to V17 Update 2 or later version
  • Update to V7.4 SP1 Update 19 or later version
  • Update to V7.5 SP2 Update 5 or later version
  • Update to V9.1 SP1 or later version
  • Update to V9.0 SP3 UC04 or later version to fix CVE-2021-40358 and CVE-2021-40364
  • The vulnerability is fixed if SIMATIC WinCC V7.4 SP1 Update 19 or later version is installed on the same system
  • Currently no fix is planned
  • Update to V9.0 Upd4 or later version; V9.0 Upd4 is bundled in PCS 7 V9.0 SP3 UC04
  • See remediation for SIMATIC PCS 7 V9.1
  • Update to V16 Update 6 or later version
  • Update to V17 SP1 or later version
  • CVE-2021-40364: Harden the application’s host to prevent local access by untrusted personnel

Affected Vendors

Siemens

Affected Products (21)

Siemens · OpenPCS 7 V8.2 vers:all/*
Siemens · OpenPCS 7 V9.0 <V9.0_Upd4
Siemens · OpenPCS 7 V9.1 vers:all/*
Siemens · SIMATIC BATCH V8.2 vers:all/*
Siemens · SIMATIC BATCH V9.0 vers:all/*
Siemens · SIMATIC BATCH V9.1 vers:all/*
Siemens · SIMATIC NET PC Software V14 vers:all/*
Siemens · SIMATIC NET PC Software V15 vers:all/*
Siemens · SIMATIC NET PC Software V16 <V16_Update_6
Siemens · SIMATIC NET PC Software V17 <V17_SP1
Siemens · SIMATIC PCS 7 V8.2 vers:all/*
Siemens · SIMATIC PCS 7 V9.0 <V9.0_SP3_UC04
Siemens · SIMATIC PCS 7 V9.1 <V9.1_SP1
Siemens · SIMATIC Route Control V8.2 vers:all/*
Siemens · SIMATIC Route Control V9.0 vers:all/*
Siemens · SIMATIC Route Control V9.1 vers:all/*
Siemens · SIMATIC WinCC V15 and earlier <V15_SP1_Update_7
Siemens · SIMATIC WinCC V16 <V16_Update_5
Siemens · SIMATIC WinCC V17 <V17_Update_2
Siemens · SIMATIC WinCC V7.4 <V7.4_SP1_Update_19
Siemens · SIMATIC WinCC V7.5 <V7.5_SP2_Update_5

Affected Sectors

Multiple
