PT-2021-7833 · Siemens · Simatic Hmi Comfort Outdoor Panels +8

Published: 2021-05-11 · Updated: 2022-01-04 · CVE-2021-27386

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SIMATIC HMI Comfort Outdoor Panels versions prior to V15.1 Update 6
SIMATIC HMI Comfort Outdoor Panels versions prior to V16 Update 4
SIMATIC HMI Comfort Panels versions prior to V15.1 Update 6
SIMATIC HMI Comfort Panels versions prior to V16 Update 4
SIMATIC HMI KTP Mobile Panels versions prior to V15.1 Update 6
SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 4
SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 6
SIMATIC WinCC Runtime Advanced versions prior to V16 Update 4
SINAMICS GH150 (all versions)
SINAMICS GL150 (with option X30) (all versions)
SINAMICS GM150 (with option X30) (all versions)
SINAMICS SH150 (all versions)
SINAMICS SL150 (all versions)
SINAMICS SM120 (all versions)
SINAMICS SM150 (all versions)
SINAMICS SM150i (all versions)

Description

A heap allocation leak in the client-side device layout handler, caused by an error in memory release, could result in a denial-of-service condition. A remote attacker may be able to exploit the vulnerability to cause a denial of service.

Recommendations

For SIMATIC HMI Comfort Outdoor Panels versions prior to V15.1 Update 6, update to V15.1 Update 6 or later.
For SIMATIC HMI Comfort Outdoor Panels versions prior to V16 Update 4, update to V16 Update 4 or later.
For SIMATIC HMI Comfort Panels versions prior to V15.1 Update 6, update to V15.1 Update 6 or later.
For SIMATIC HMI Comfort Panels versions prior to V16 Update 4, update to V16 Update 4 or later.
For SIMATIC HMI KTP Mobile Panels versions prior to V15.1 Update 6, update to V15.1 Update 6 or later.
For SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 4, update to V16 Update 4 or later.
For SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 6, update to V15.1 Update 6 or later.
For SIMATIC WinCC Runtime Advanced versions prior to V16 Update 4, update to V16 Update 4 or later.
For SINAMICS products (GH150, GL150 with option X30, GM150 with option X30, SH150, SL150, SM120, SM150, SM150i), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2023-03468
CVE-2021-27386

Affected Products

Simatic Hmi Comfort Outdoor Panels
Simatic Hmi Comfort Panels
Simatic Hmi Ktp Mobile Panels
Simatic Wincc Runtime Advanced
Sinamics Gh150
Sinamics Sl150
Sinamics Sm150
Sinamics Sm120
Sinamics Sm150I