siemens simatic-wincc-runtime-advanced CVE-2021-25661 is a vulnerability in Siemens Simatic Wincc Runtime Advanced
Published on May 12, 2021

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.

NVD

Weakness Type

Access of Memory Location After End of Buffer

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.


Products Associated with CVE-2021-25661

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-25661 are published in Siemens Simatic Wincc Runtime Advanced:

Siemens Simatic Wincc Runtime Advanced
 

Affected Versions

Siemens SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants): Siemens SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) : Siemens SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants): Siemens SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) : Siemens SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F: Siemens SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F : Siemens SIMATIC WinCC Runtime Advanced V15: Siemens SIMATIC WinCC Runtime Advanced V16:

Exploit Probability

EPSS
0.37%
Percentile
58.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.