Siemens Products using OpenSSL

Act Now | CVSS 9.8 | ICS-CERT ICSA-26-174-03 | Jun 9, 2026
Siemens | Manufacturing

Attack path
  • Attack Vector: Network
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

OpenSSL contains a stack-based buffer overflow vulnerability in its handling of PKCS#7/CMS certificate data. An attacker can send specially crafted certificate or digital signature content to trigger a buffer overflow, causing denial of service or potentially remote code execution. The vulnerability affects 140+ Siemens products including HMI panels, process control software (STEP 7, WinCC, WinCC OA), industrial routers (SCALANCE and RUGGEDCOM), data integration tools, PLC systems, and edge devices. Siemens has released patches for some products; others have mitigations only or are end-of-life with no fix planned. The vulnerability is exploitable if an affected system processes untrusted certificate data from external sources or compromised internal systems.

What this means
What could happen
An attacker who sends maliciously crafted certificate or digital signature data to an affected Siemens device could trigger a buffer overflow, causing the device to crash (denial of service) or potentially execute arbitrary commands on the controller.
Who's at risk
This vulnerability affects a broad range of Siemens industrial products across manufacturing environments: HMI (operator interface) panels including Basic, Comfort, and Mobile variants; process control software including STEP 7, WinCC, and WinCC OA; industrial routers (SCALANCE and RUGGEDCOM families); PLC systems; edge devices (SIMATIC IOT2050); data integration tools (Databus, Connector for Azure); industrial networking and monitoring systems. Organizations managing networked PLCs, operator workstations, remote access gateways, and SCADA systems should prioritize assessment and patching.
How it could be exploited
An attacker sends specially crafted PKCS#7 or CMS certificate content to the device (via email, file upload, network request, or trusted source compromise). The vulnerable OpenSSL library fails to validate the input length, writing data beyond the buffer boundary. This could crash the device or execute attacker code with the privileges of the application.
Prerequisites
  • Network reachability to the affected Siemens device or service that processes certificates/CMS data
  • Ability to send malicious PKCS#7/CMS content to the device (via email, file upload, API call, or compromised trusted source)
  • The device must be running one of the affected Siemens products with the vulnerable OpenSSL library
  • remotely exploitable
  • low complexity
  • no authentication required
  • high CVSS (9.8)
  • affects industrial control and HMI systems
  • multiple products with no fix planned (SCALANCE LPE9413, LPE9433; WinCC V7.5, V8.0, V8.1)
  • affects safety-critical networks
Exploitability
Likely to be exploited — EPSS score 45.9%
Affected products (215)
15 with fix, 195 pending, 5 EOL

Product | Affected Versions | Fix Status
AI Lightweight Inference Server | All versions | No fix yet
Connector for Azure | < 1.8.0 | 1.8.0
Databus | < 3.3.2 | 3.3.2
HiMed Cockpit | All versions | No fix yet
RUGGEDCOM RM1224 LTE(4G) EU | All versions | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Do not accept files or digital certificates from untrusted or unvalidated external sources in any affected applications
  • HARDENING: Restrict network access to email servers and any systems that send CMS/PKCS#7 content to affected devices; use firewall rules to allow only trusted internal systems
  • HARDENING: Require encrypted communication (TLS/SSL) for all SMTP and other certificate-related network connections to external systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Connector for Azure
  • HOTFIX: Update Connector for Azure to version 1.8.0 or later
Databus
  • HOTFIX: Update Databus to version 3.3.2 or later
SIMATIC HMI Basic Panels
  • HOTFIX: Update SIMATIC HMI Basic Panels, Comfort Panels, and Mobile Panels to firmware 17.0.9 or later
SIMATIC STEP 7 V5
  • HOTFIX: Update SIMATIC STEP 7 V5 to version 5.7 SP4 or later
SIMATIC WinCC Runtime Advanced V17
  • HOTFIX: Update SIMATIC WinCC Runtime Advanced V17 to Update 9 or later
SIMATIC WinCC Unified Sequence
  • HOTFIX: Update SIMATIC WinCC Unified Sequence to version 21 or later
SINEC INS
  • HOTFIX: Update SINEC INS to version 1.0 SP2 Update 5 or later
User Management Component (UMC)
  • HOTFIX: Update User Management Component (UMC) to version 2.15.3.0 or later
All products
  • HOTFIX: Update SIMATIC WinCC OA to the latest patch version (3.19 P024, 3.20 P012, 3.21 P02, or later depending on your current version)