CVE-2021-25662

HIGH

SIMATIC WinCC Runtime Advanced < 16 - Denial of Service via SmartVNC Client Exception Handling

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12

Scores

CVSS v3 7.5
EPSS 0.0074
EPSS Percentile 73.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-755
Status published
Products (14)
siemens/simatic_hmi_comfort_outdoor_panels_15\"_firmware 16 (5 CPE variants)
siemens/simatic_hmi_comfort_outdoor_panels_15\"_firmware 15.1 (6 CPE variants)
siemens/simatic_hmi_comfort_outdoor_panels_15\"_firmware < 16
siemens/simatic_hmi_comfort_outdoor_panels_7\"_firmware 16 (4 CPE variants)
siemens/simatic_hmi_comfort_outdoor_panels_7\"_firmware 15.1 (6 CPE variants)
siemens/simatic_hmi_comfort_outdoor_panels_7\"_firmware < 16
siemens/simatic_hmi_comfort_panels_22\"_firmware 16 (4 CPE variants)
siemens/simatic_hmi_comfort_panels_22\"_firmware 15.1 (6 CPE variants)
siemens/simatic_hmi_comfort_panels_22\"_firmware < 16
siemens/simatic_hmi_comfort_panels_4\"_firmware 16 (4 CPE variants)
... and 4 more
Published May 12, 2021
Tracked Since Feb 18, 2026