CVE-2021-27384
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected Siemens industrial control systems by exploiting an out-of-bounds memory access in the SmartVNC device layout handler. It affects multiple SIMATIC HMI panels, WinCC Runtime Advanced, and SINAMICS drive systems. The high CVSS score of 9.8 indicates critical severity with network-accessible attack vectors.
💻 Affected Systems
- SIMATIC HMI Comfort Outdoor Panels V15 7" & 15"
- SIMATIC HMI Comfort Outdoor Panels V16 7" & 15"
- SIMATIC HMI Comfort Panels V15 4" - 22"
- SIMATIC HMI Comfort Panels V16 4" - 22"
- SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900, KTP900F
- SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900, KTP900F
- SIMATIC WinCC Runtime Advanced V15
- SIMATIC WinCC Runtime Advanced V16
- SINAMICS GH150
- SINAMICS GL150 (with option X30)
- SINAMICS GM150 (with option X30)
- SINAMICS SH150
- SINAMICS SL150
- SINAMICS SM120
- SINAMICS SM150
- SINAMICS SM150i
📦 What is this software?
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary code, potentially leading to industrial process disruption, data theft, or physical damage to connected equipment.
Likely Case
Remote code execution enabling attackers to gain control of HMI panels or drive systems, potentially disrupting operations or establishing persistence in industrial networks.
If Mitigated
Limited impact if systems are isolated in air-gapped networks with strict access controls, though lateral movement risk remains if initial access is achieved.
🎯 Exploit Status
The vulnerability requires network access to the VNC service but no authentication. Exploitation complexity is low due to the out-of-bounds memory access nature.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V15.1 Update 6 for V15 products, V16 Update 4 for V16 products
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Restart Required: Yes
Instructions:
1. Download appropriate updates from Siemens Industrial Online Support. 2. Apply updates according to Siemens documentation. 3. Restart affected systems. 4. Verify update installation through version checks.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected systems in dedicated network segments with strict firewall rules limiting access to VNC ports.
Disable Unnecessary Services
allDisable VNC/remote access services if not required for operations.
🧯 If You Can't Patch
- Implement strict network access controls allowing only trusted IP addresses to connect to VNC services.
- Monitor network traffic for unusual VNC connections or exploit attempts using intrusion detection systems.
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions list. For HMI panels, check TIA Portal project settings or device properties.Check Version:
System-specific Siemens commands vary by product. Consult Siemens documentation for version checking procedures.Verify Fix Applied:
Verify installed version is V15.1 Update 6 or higher for V15 products, or V16 Update 4 or higher for V16 products.📡 Detection & Monitoring
Log Indicators:
- Unusual VNC connection attempts
- System crashes or unexpected reboots of HMI panels
- Unauthorized configuration changes
Network Indicators:
- Unexpected traffic to VNC ports (typically 5900/tcp)
- Traffic patterns suggesting exploit attempts against SmartVNC
SIEM Query:
source_ip OUTSIDE trusted_range AND dest_port=5900 AND protocol=TCP🔗 References
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
