CVE-2021-27386
📋 TL;DR
This vulnerability is a heap allocation leak in the SmartVNC device layout handler on client-side devices, which could lead to Denial-of-Service conditions. It affects multiple Siemens industrial HMI panels, WinCC Runtime systems, and SINAMICS drives. Attackers could exploit this to crash affected devices, disrupting industrial operations.
💻 Affected Systems
- SIMATIC HMI Comfort Outdoor Panels V15 7" & 15"
- SIMATIC HMI Comfort Outdoor Panels V16 7" & 15"
- SIMATIC HMI Comfort Panels V15 4" - 22"
- SIMATIC HMI Comfort Panels V16 4" - 22"
- SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900, KTP900F
- SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900, KTP900F
- SIMATIC WinCC Runtime Advanced V15
- SIMATIC WinCC Runtime Advanced V16
- SINAMICS GH150
- SINAMICS GL150 (with option X30)
- SINAMICS GM150 (with option X30)
- SINAMICS SH150
- SINAMICS SL150
- SINAMICS SM120
- SINAMICS SM150
- SINAMICS SM150i
📦 What is this software?
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 15\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 15\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Outdoor Panels 7\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Outdoor Panels 7\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 22\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 22\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Comfort Panels 4\" Firmware by Siemens
View all CVEs affecting Simatic Hmi Comfort Panels 4\" Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp400f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp700f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900 Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware by Siemens
View all CVEs affecting Simatic Hmi Ktp Mobile Panels Ktp900f Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete device crash leading to operational disruption in industrial environments, potentially affecting safety-critical systems or production lines.
Likely Case
Service interruption on affected HMI panels or drives requiring manual restart, causing temporary production downtime.
If Mitigated
Minimal impact if devices are isolated from untrusted networks and regularly monitored for abnormal behavior.
🎯 Exploit Status
Exploitation requires network access to vulnerable SmartVNC service. No public exploits known as of advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V15.1 Update 6 for V15 products, V16 Update 4 for V16 products
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Restart Required: Yes
Instructions:
1. Download appropriate update from Siemens Industrial Security. 2. Apply update following Siemens documentation. 3. Restart affected devices. 4. Verify version matches patched release.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices in separate network segments with strict firewall rules limiting access to SmartVNC services.
Disable Unused Services
allDisable SmartVNC service if not required for operations.
🧯 If You Can't Patch
- Implement strict network access controls to limit connections to affected devices
- Monitor device memory usage and restart devices showing abnormal memory consumption
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against affected versions list. For SINAMICS drives, verify if option X30 is installed.Check Version:
Check version via Siemens HMI device interface or TIA Portal project properties.Verify Fix Applied:
Confirm device firmware version is V15.1 Update 6 or higher for V15 products, or V16 Update 4 or higher for V16 products.📡 Detection & Monitoring
Log Indicators:
- Unexpected device restarts
- Memory exhaustion warnings
- SmartVNC service crashes
Network Indicators:
- Multiple connection attempts to SmartVNC ports (typically 5900+)
- Abnormal traffic patterns to industrial devices
SIEM Query:
source="industrial_devices" AND (event_type="crash" OR memory_usage>90%) AND process="SmartVNC"🔗 References
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12
