VYPR
← All advisories
Unrated severityNVD Advisory· Published May 12, 2021· Updated Aug 3, 2024

CVE-2021-27383

CVE-2021-27383

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap allocation leak in SmartVNC's Tight encoder allows remote attackers to cause a denial-of-service condition on multiple Siemens HMI products.

Vulnerability

The vulnerability is a heap allocation leak in the SmartVNC server's Tight encoder [1]. Affected products include SIMATIC HMI Comfort Outdoor Panels V15 and V16, SIMATIC HMI Comfort Panels V15 and V16, SIMATIC HMI KTP Mobile Panels V15 and V16, SIMATIC WinCC Runtime Advanced V15 and V16, and several SINAMICS drives (GH150, GL150, GM150, SH150, SL150, SM120, SM150, SM150i) all versions prior to the respective fixes [1].

Exploitation

An attacker can remotely send specially crafted data to the SmartVNC server without authentication, triggering the heap allocation leak and causing a denial-of-service condition [1].

Impact

Successful exploitation leads to a denial-of-service condition, making the affected device unresponsive [1]. No code execution or information disclosure is associated with this specific vulnerability [1].

Mitigation

Fixed versions are V15.1 Update 6 for V15 products and V16 Update 4 for V16 products [1]. Users should update to these versions. No workarounds are available [1].

References
  1. Siemens SIMATIC SmartVNC HMI WinCC Products (Update B) | CISA

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

17

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.