CVE-2021-27383

CVSS: 7.5 HIGH

📋 TL;DR

CVE-2021-27383 is a heap allocation leak in the Tight encoder of SmartVNC, the VNC component used by Siemens industrial HMI panels and drives. A client that can reach the VNC service can trigger allocations that are never released, exhausting device memory and causing a denial of service. Affected products include the SIMATIC HMI Comfort and KTP Mobile panels, WinCC Runtime Advanced and several SINAMICS drive families; the full list is below.

💻 Affected Systems

Products:
  • SIMATIC HMI Comfort Outdoor Panels V15 7" & 15"
  • SIMATIC HMI Comfort Outdoor Panels V16 7" & 15"
  • SIMATIC HMI Comfort Panels V15 4" - 22"
  • SIMATIC HMI Comfort Panels V16 4" - 22"
  • SIMATIC HMI KTP Mobile Panels V15
  • SIMATIC HMI KTP Mobile Panels V16
  • SIMATIC WinCC Runtime Advanced V15
  • SIMATIC WinCC Runtime Advanced V16
  • SINAMICS GH150
  • SINAMICS GL150
  • SINAMICS GM150
  • SINAMICS SH150
  • SINAMICS SL150
  • SINAMICS SM120
  • SINAMICS SM150
  • SINAMICS SM150i
Versions: V15 product lines before V15.1 Update 6; V16 product lines before V16 Update 4; SINAMICS drives: all versions
Operating Systems: Embedded/Industrial OS specific to Siemens devices
Default Config Vulnerable: ⚠️ Yes
Notes: SIPLUS variants are also affected. SINAMICS GL150 and GM150 only vulnerable with option X30 installed.

📦 What is this software?

SmartVNC is the VNC (RFB protocol) server component that Siemens ships in its SIMATIC HMI panels and WinCC Runtime Advanced for remote access to the panel screen; the remote-access feature that exposes it (Sm@rtServer) listens on TCP port 5900 by default. The SINAMICS drives listed above are affected because they embed the same component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory exhaustion crashes the device and it has to be power-cycled or manually restarted, interrupting the industrial process it controls and causing production downtime.

🟠 Likely Case: Degraded performance or temporary unavailability of the HMI panel or drive until the leaked memory is released by a restart.

🟢 If Mitigated: Minimal impact when the VNC service is reachable only from trusted management networks and monitoring alerts on abnormal memory consumption or connection bursts.

🌐 Internet-Facing: MEDIUM - While industrial systems shouldn't be internet-facing, those that are could be targeted for DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to disrupt operations, but requires network access to VNC services.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to the VNC service (TCP port 5900 by default). The flaw is in SmartVNC's Tight encoder: Tight is one of the RFB framebuffer encodings (encoding type 7) that a client requests in its SetEncodings message, and the server-side encoder runs whenever a framebuffer update is sent to that client in that encoding, so an attacker exercises it simply by talking RFB to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V15.1 Update 6 for V15 products, V16 Update 4 for V16 products

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf

Restart Required: Yes

Instructions:

1. Download the update for the affected product from the Siemens Industrial Security website (linked from the advisory above).
2. Apply the update following the Siemens documentation for that product.
3. Restart the affected device.
4. Verify that the device now reports V15.1 Update 6 / V16 Update 4 or later.

🔧 Temporary Workarounds

Network Segmentation (applies to all affected products)

Restrict network access to the VNC service (TCP port 5900) to trusted engineering/management networks only, for example with an upstream firewall rule that allows 5900 from the management subnet and drops it from everywhere else.

Disable VNC if not needed (applies to all affected products)

Disable the SmartVNC remote-access service on devices where remote screen access is not required.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks
  • Monitor for abnormal memory usage patterns and implement alerting for potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Compare the device firmware or runtime version against the affected list above, and check whether the SmartVNC service is enabled and listening on TCP port 5900 (a live listener answers a new connection with an RFB banner such as "RFB 003.008").

Check Version:

Read the installed version in Siemens TIA Portal or on the device's web interface (the exact location varies by product).

Verify Fix Applied:

Confirm the reported version is V15.1 Update 6 or later for V15 devices, or V16 Update 4 or later for V16 devices. For the SINAMICS drives, follow the vendor advisory, since the page lists all versions as affected.
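The two checks in this section (version comparison and a port 5900 probe) as an added example; this is not Siemens code. The function names, the probe helper and the sample version strings are this example's own; the fixed releases are the ones stated above. The probe only tells you a VNC listener is up; the firmware version still has to come from TIA Portal or the device web page.

```python
"""Added example (not Siemens code): version check and RFB banner probe for
CVE-2021-27383 verification. Function names and the probe helper are this
example's own; the fixed releases come from the advisory summary above."""
import re
import socket
from typing import Optional, Tuple

# Fixed releases per major line, as (major, minor, update) tuples:
# V15 -> fixed in V15.1 Update 6, V16 -> fixed in V16 Update 4.
FIXED_VERSIONS = {
    15: (15, 1, 6),
    16: (16, 0, 4),
}

# Accepts "V15", "V15.1", "V16 Update 3", "V15.1 Update 6" (case-insensitive).
_VERSION_RE = re.compile(
    r"^V(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\s+Update\s+(?P<update>\d+))?$",
    re.IGNORECASE,
)

# The 12-byte RFB ProtocolVersion message every VNC server sends first,
# e.g. b"RFB 003.008\n" for RFB 3.8.
_RFB_BANNER_RE = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a Siemens-style version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group("major")),
            int(m.group("minor") or 0),
            int(m.group("update") or 0))


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the version is older than the fixed release of its major line.

    Returns None for major lines the advisory summary does not list (e.g. V17)
    so that 'not covered' is never mistaken for 'fixed'.
    """
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def parse_rfb_banner(banner: bytes) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an RFB ProtocolVersion banner, else None."""
    m = _RFB_BANNER_RE.match(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def probe_vnc(host: str, port: int = 5900, timeout: float = 3.0) -> Optional[Tuple[int, int]]:
    """Connect to host:port and parse the server banner; None if nothing RFB-like answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            buf = b""
            while len(buf) < 12:          # the banner is exactly 12 bytes
                chunk = sock.recv(12 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:
        return None
    return parse_rfb_banner(buf)


if __name__ == "__main__":
    import sys
    for v in ("V15", "V15.1 Update 5", "V15.1 Update 6", "V16 Update 3", "V16 Update 4", "V17"):
        print(f"{v:16} vulnerable={is_vulnerable(v)}")
    if len(sys.argv) > 1:                 # e.g. python check_smartvnc.py 10.20.9.15
        print("RFB banner from", sys.argv[1], "->", probe_vnc(sys.argv[1]))
```

Run it with a panel's IP address as the only argument to confirm a VNC listener; feed the version string read from TIA Portal to is_vulnerable() to decide whether the device still needs the update.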

📡 Detection & Monitoring

Log Indicators:

  • Abnormal memory usage patterns
  • VNC connection attempts from unusual sources
  • System crash/restart events

Network Indicators:

  • Multiple connections to port 5900
  • Unusual VNC traffic patterns

SIEM Query:

dest_port=5900 AND (bytes_in > threshold OR connection_count > normal_baseline)

Inbound connections to the VNC service have destination port 5900; a query keyed on source_port=5900 would only match the server-to-client direction.
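The detection logic behind that query, run over constructed flow records, as an added example that is not part of the original page. It keeps a per-source sliding window of connections to TCP 5900 and alerts when either the connection count or the client-to-server byte volume exceeds a baseline. The field names (ts, src, dst, dport, bytes_in), the sample records, the window size and both thresholds are assumptions; map them to your own SIEM schema and site baseline.

```python
"""Added example (not from the original page): flag sources that open an
unusual number of connections to TCP 5900, or push an unusual byte volume
into it, within a sliding window. Field names, thresholds and the sample
records below are assumptions for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

VNC_PORT = 5900
WINDOW = timedelta(minutes=5)
CONN_BASELINE = 5            # connections per source per window (assumed site baseline)
BYTES_THRESHOLD = 5_000_000  # client->server bytes per source per window (assumed)

# Constructed sample flow records (key=value, one flow per line): a normal
# engineering workstation, a source hammering the VNC port, one oversized
# session, and a non-VNC flow that must be ignored.
SAMPLE_FLOWS = """\
ts=2021-05-11T10:00:00 src=10.20.5.7 dst=10.20.9.15 dport=5900 bytes_in=2100
ts=2021-05-11T10:00:09 src=10.20.5.7 dst=10.20.9.15 dport=502 bytes_in=300
ts=2021-05-11T10:01:00 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:01:05 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:01:10 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:01:15 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:01:20 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:01:25 src=10.20.77.40 dst=10.20.9.15 dport=5900 bytes_in=120
ts=2021-05-11T10:02:00 src=10.20.5.9 dst=10.20.9.16 dport=5900 bytes_in=9000000
ts=2021-05-11T10:30:00 src=10.20.5.7 dst=10.20.9.15 dport=5900 bytes_in=2500
"""

_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_flow(line: str) -> Dict[str, str]:
    """Split one key=value flow record into a dict."""
    return dict(_KV_RE.findall(line))


def detect(lines: List[str]) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, source, reason) alerts for sources over a threshold."""
    history: Dict[str, Deque[Tuple[datetime, int]]] = defaultdict(deque)
    alerts: List[Tuple[datetime, str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if int(flow["dport"]) != VNC_PORT:
            continue                      # only traffic to the VNC service counts
        ts = datetime.fromisoformat(flow["ts"])
        hist = history[flow["src"]]
        hist.append((ts, int(flow["bytes_in"])))
        while hist and ts - hist[0][0] > WINDOW:
            hist.popleft()                # drop records that fell out of the window
        conns = len(hist)
        total = sum(b for _, b in hist)
        if conns > CONN_BASELINE:
            alerts.append((ts, flow["src"], f"{conns} connections to tcp/{VNC_PORT} within {WINDOW}"))
        if total > BYTES_THRESHOLD:
            alerts.append((ts, flow["src"], f"{total} bytes sent to tcp/{VNC_PORT} within {WINDOW}"))
    return alerts


if __name__ == "__main__":
    for ts, src, reason in detect(SAMPLE_FLOWS.splitlines()):
        print(f"{ts.isoformat()} {src}: {reason}")
```

On the sample data this raises one alert for 10.20.77.40 on its sixth connection and one for 10.20.5.9 on byte volume; the workstation's two sessions half an hour apart stay under both thresholds because the first has left the window by the time the second arrives.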
