PT-2022-4093 · Siemens · Simatic Pcs 7+1

Published: 2022-02-09 · Updated: 2022-10-06 · CVE-2021-40363

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC PCS 7 versions V8.2 through V9.1
SIMATIC WinCC versions V7.4 through V7.5
SIMATIC WinCC versions V15 through V17

Description

The issue is related to a potential information leak about files and directories. An attacker may exploit this to obtain credentials. The affected component stores local system account credentials in a project file using an outdated cipher algorithm, which could allow an attacker to brute force the credentials and take over the system.

Recommendations

For SIMATIC PCS 7 versions V8.2 through V9.1, update to a version that includes the necessary security patches.
For SIMATIC WinCC versions V7.4 through V7.5, update to V7.4 SP1 Update 19 or V7.5 SP2 Update 6, or later.
For SIMATIC WinCC versions V15 through V17, update to V15 SP1 Update 7, V16 Update 5, or V17 Update 2, or later, and ensure that the update includes the fix for the outdated cipher algorithm used for storing credentials.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information
Inadequate Encryption Strength

Related Identifiers

BDU:2022-04927
CVE-2021-40363

Affected Products

Simatic Pcs 7
Simatic Wincc