CVE-2021-27383

SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a denial-of-service condition on the following SIMATIC HMIs/WinCC products: SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4’ to 22’ (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900, and KTP900F, and SIMATIC WinCC Runtime Advanced (all versions prior to v16 Update 4).

Reference Links (if available):

  • https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
  • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
  • https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12

CVSS Score (if available):

  • v2: / MEDIUM
  • v3: /

Links to Exploits (if available):