Yu Cong

**Name of the Vulnerable Software and Affected Versions** OpenPCS 7 versions prior to V9.1 SP2 UC05 SIMATIC BATCH versions prior to V9.1 SP2 UC05 SIMATIC PCS 7 versions prior to V9.1 SP2 UC05 SIMATIC Route Control versions prior to V9.1 SP2 UC05 SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4 SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2 SIMATIC WinCC V7.4 (all versions) SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 15 SIMATIC WinCC V8.0 versions prior to V8.0 Update 4 **Description** A vulnerability has been identified in the implementation of the RPC (Remote Procedure call) communication protocol in the affected products. The issue is related to errors in handling certain malformed RPC messages and pointer dereferencing errors. This could allow an attacker to cause a denial of service condition in the RPC server. **Recommendations** For OpenPCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC BATCH versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC PCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC Route Control versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4, update to V18 Update 4 or later. For SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2, update to V19 Update 2 or later. For SIMATIC WinCC V7.4, consider disabling the RPC communication protocol until a patch is available. For SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 15, update to V7.5 SP2 Update 15 or later. For SIMATIC WinCC V8.0 versions prior to V8.0 Update 4, update to V8.0 Update 4 or later.

**Name of the Vulnerable Software and Affected Versions** OpenPCS 7 versions prior to V9.1 SP2 UC05 SIMATIC BATCH versions prior to V9.1 SP2 UC05 SIMATIC PCS 7 versions prior to V9.1 SP2 UC05 SIMATIC Route Control versions prior to V9.1 SP2 UC05 SIMATIC WinCC Runtime Professional version V18 through V18 Update 3 SIMATIC WinCC Runtime Professional version V19 through V19 Update 1 SIMATIC WinCC version V7.4 SIMATIC WinCC version V7.5 through V7.5 SP2 Update 14 SIMATIC WinCC version V8.0 through V8.0 Update 3 **Description** A vulnerability has been identified in the implementation of the RPC communication protocol in the affected products. The issue is related to the improper handling of certain unorganized RPC messages, which could allow an attacker to cause a denial of service condition in the RPC server. The vulnerability is also associated with pointer dereference errors. An attacker could exploit this vulnerability to cause a denial of service. **Recommendations** For OpenPCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC BATCH versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC PCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC Route Control versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later. For SIMATIC WinCC Runtime Professional version V18, update to V18 Update 4 or later. For SIMATIC WinCC Runtime Professional version V19, update to V19 Update 2 or later. For SIMATIC WinCC version V7.4, consider disabling the RPC communication protocol until a patch is available. For SIMATIC WinCC version V7.5, update to V7.5 SP2 Update 15 or later. For SIMATIC WinCC version V8.0, update to V8.0 Update 4 or later.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU Family (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the software of programmable logic controllers. This could allow a remote attacker to cause a denial of service condition by sending specially crafted packets to port 102/tcp. A restart is needed to restore normal operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.