SINEC NMS: All versions prior to v1.0 SP2Ĥ.2 VULNERABILITY OVERVIEW 4.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428.SIMATIC Automation Tool: All versions prior to v4 SP2.SINUMERIK Operate: All versions prior to v6.14.SINUMERIK ONE virtual: All versions prior to v6.14.SIMATIC ProSave: All versions prior to v17.SINEMA Server: All versions prior to v14 SP3.
SIMATIC WinCC v7.5: All versions prior to v7.5 SP1 Update 3.SIMATIC WinCC v7.4: All versions prior to v7.4 SP1 Update 14.SIMATIC WinCC Runtime Professional v16: All versions prior to v16 Update 2.SIMATIC WinCC Runtime Professional v15: All versions prior to v15.1 Update 5.SIMATIC WinCC Runtime Professional v14: All versions.
SIMATIC S7-1500 Software Controller: All versions prior to v21.8.SIMATIC PCS neo: All versions prior to v3.0 SP1.SIMATIC NET PC software: All versions after v16 and prior to v16 Upd3.The following Siemens products are affected: Successful exploitation of this vulnerability could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update H) that was published September 14, 2021, to the ICS webpage on. Vulnerability: Unquoted Search Path or Element.