{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Vulnerabilities in third-party component cURL could allow an attacker\nto interfere with the affected products in various ways. Siemens\nhas released updates for several affected products and recommends to\nupdate to the latest versions. Siemens recommends countermeasures for\nproducts where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect\nnetwork access to devices with appropriate mechanisms. In order to\noperate the devices in a protected IT environment, Siemens recommends\nto configure the environment according to Siemens' operational\nguidelines for Industrial Security (Download:\nhttps://www.siemens.com/cert/operational-guidelines-industrial-\nsecurity), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found\nat: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-732250: Libcurl Vulnerabilities in Industrial Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-732250.json"
},
{
"category": "self",
"summary": "SSA-732250: Libcurl Vulnerabilities in Industrial Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-732250.txt"
},
{
"category": "self",
"summary": "SSA-732250: Libcurl Vulnerabilities in Industrial Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-132-13 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-132-13.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-132-13 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-13"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Industrial Devices using libcurl",
"tracking": {
"current_release_date": "2022-08-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-132-13",
"initial_release_date": "2022-05-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-05-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-06-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for SIMATIC CP 1545-1 and SINEMA Remote Connect Client"
},
{
"date": "2022-08-09T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added SIMATIC CP 1242-7 V2, CP 1243-7, CP 1243-1, CP 1243-8 as affected products; no fix planned for LOGO! CMR family"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "LOGO! CMR family",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "LOGO! CMR family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) EU",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) EU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) NAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M804PB",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5804-0AP00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M804PB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (Annex A)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (Annex A)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (Annex B)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (Annex B)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (Annex A)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (Annex A)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (Annex B)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (Annex B)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M826-2 SHDSL-Router",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5826-2AB00-2AB2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M826-2 SHDSL-Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M874-2",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5874-2AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M874-3",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5874-3AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M876-3 (EVDO)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (EVDO)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M876-3 (ROK)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2EA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (ROK)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M876-4 (EU)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (EU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE M876-4 (NAM)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (NAM)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE MUM856-1 (EU)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3DA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (EU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE MUM856-1 (RoW)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (RoW)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V7.1",
"product": {
"name": "SCALANCE S615",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6GK5615-0AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE S615"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIMATIC CP 1242-7 V2",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6GK7242-7KX31-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1242-7 V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIMATIC CP 1243-1",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6GK7243-1BX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1243-1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIMATIC CP 1243-7 LTE EU",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6GK7243-7KX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1243-7 LTE EU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIMATIC CP 1243-7 LTE US",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"6GK7243-7SX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1243-7 LTE US"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIMATIC CP 1243-8 IRC",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"6GK7243-8RX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1243-8 IRC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.0.22",
"product": {
"name": "SIMATIC CP 1543-1",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"6GK7543-1AX00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1543-1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V1.1",
"product": {
"name": "SIMATIC CP 1545-1",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"6GK7545-1GX00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1545-1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V5.0.14",
"product": {
"name": "SIMATIC RTU3010C",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"6NH3112-0BA00-0XX0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC RTU3010C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V5.0.14",
"product": {
"name": "SIMATIC RTU3030C",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"model_numbers": [
"6NH3112-3BA00-0XX0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC RTU3030C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V5.0.14",
"product": {
"name": "SIMATIC RTU3031C",
"product_id": "CSAFPID-0028",
"product_identification_helper": {
"model_numbers": [
"6NH3112-3BB00-0XX0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC RTU3031C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V5.0.14",
"product": {
"name": "SIMATIC RTU3041C",
"product_id": "CSAFPID-0029",
"product_identification_helper": {
"model_numbers": [
"6NH3112-4BB00-0XX0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC RTU3041C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.1",
"product": {
"name": "SINEMA Remote Connect Client",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIPLUS NET CP 1242-7 V2",
"product_id": "CSAFPID-0031",
"product_identification_helper": {
"model_numbers": [
"6AG1242-7KX31-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 1242-7 V2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.0.22",
"product": {
"name": "SIPLUS NET CP 1543-1",
"product_id": "CSAFPID-0032",
"product_identification_helper": {
"model_numbers": [
"6AG1543-1AX00-2XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 1543-1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIPLUS S7-1200 CP 1243-1",
"product_id": "CSAFPID-0033",
"product_identification_helper": {
"model_numbers": [
"6AG1243-1BX30-2AX0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1200 CP 1243-1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "<V3.3.46",
"product": {
"name": "SIPLUS S7-1200 CP 1243-1 RAIL",
"product_id": "CSAFPID-0034",
"product_identification_helper": {
"model_numbers": [
"6AG2243-1BX30-1XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1200 CP 1243-1 RAIL"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22901",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0025"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.22 or later version",
"product_ids": [
"CSAFPID-0024",
"CSAFPID-0032"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109808678"
},
{
"category": "vendor_fix",
"details": "Update to V3.3.46 or later version",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0033",
"CSAFPID-0034"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109812218"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
}
],
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22924",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "summary",
"text": "libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use the certificate projection feature to pin the valid certificates\nof external servers providing the services E-mail and DynDNS to the\naffected devices. To do this, see the description in the sections \"Ca\nCertificate\" in the chapters \"E-Mail\" and \"DynDNS\" in the manual",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.1 or later version",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109807276"
},
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0025"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.22 or later version",
"product_ids": [
"CSAFPID-0024",
"CSAFPID-0032"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109808678"
},
{
"category": "vendor_fix",
"details": "Update to V5.0.14 or later version",
"product_ids": [
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810215/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"CSAFPID-0030"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811169/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3.46 or later version",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0033",
"CSAFPID-0034"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109812218"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
}
],
"title": "CVE-2021-22924"
}
]
}