VYPR
← All advisories
Unrated severityNVD Advisory· Published May 12, 2021· Updated Aug 3, 2024

CVE-2021-27385

CVE-2021-27385

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote attacker can cause a denial-of-service (infinite loop) in Siemens SIMATIC HMI and WinCC products by sending specially crafted packets to the SmartVNC device layout handler.

Vulnerability

The SmartVNC device layout handler in Siemens SIMATIC HMI Comfort Outdoor Panels, Comfort Panels, KTP Mobile Panels, and WinCC Runtime Advanced (V15 and V16) as well as SINAMICS drives (GH150, GL150, GM150, SH150, SL150, SM120, SM150, SM150i) contains a vulnerability that allows an infinite loop when processing specially crafted packets. Affected versions are all V15 versions prior to V15.1 Update 6, all V16 versions prior to V16 Update 4, and all versions of the listed SINAMICS drives [1].

Exploitation

An unauthenticated remote attacker can send specially crafted packets to the SmartVNC client on the affected device. No user interaction is required. The attacker only needs network access to the target device. The crafted packets trigger an infinite loop in the device layout handler, consuming excessive resources.

Impact

Successful exploitation leads to a denial-of-service condition due to resource exhaustion. The device becomes unresponsive, potentially disrupting HMI operations and control functions. No data confidentiality or integrity is compromised, but availability is severely impacted.

Mitigation

Siemens has released updates: V15.1 Update 6 for V15 products and V16 Update 4 for V16 products. For SINAMICS drives, no patch is currently available; Siemens recommends applying defense-in-depth measures such as network segmentation and restricting access to trusted networks [1].

References
  1. Siemens SIMATIC SmartVNC HMI WinCC Products (Update B) | CISA

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19
  • Siemens Foundation/SIMATIC HMI Comfort Outdoor Panels V15llm-fuzzy
    Range: < V15.1 Update 6 (V15) / < V16 Update 4 (V16)
  • Siemens Foundation/Simatic Hmi Comfort Panelsllm-fuzzy
    Range: < V15.1 Update 6 (V15) / < V16 Update 4 (V16)
  • Siemens Foundation/SIMATIC WinCC Runtime Advancedllm-fuzzy
    Range: < V15.1 Update 6 (V15) / < V16 Update 4 (V16)
  • Siemens/SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)v5
    Range: All versions < V15.1 Update 6
  • Siemens/SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)v5
    Range: All versions < V16 Update 4
  • Siemens/SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)v5
    Range: All versions < V15.1 Update 6
  • Siemens/SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)v5
    Range: All versions < V16 Update 4
  • Siemens/SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900Fv5
    Range: All versions < V15.1 Update 6
  • Siemens/SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900Fv5
    Range: All versions < V16 Update 4
  • Siemens Foundation/Wincc Runtime Advancedcpe-rescue2 versions
    All versions < V15.1 Update 6+ 1 more
    • (no CPE)range: All versions < V15.1 Update 6
    • (no CPE)range: All versions < V16 Update 4
  • Siemens Foundation/Sinamics G150cpe-rescue
    Range: All versions
  • Siemens/SINAMICS GL150 (with option X30)v5
    Range: All versions
  • Siemens/SINAMICS GM150 (with option X30)v5
    Range: All versions
  • Siemens Foundation/Sinamics S150cpe-rescue4 versions
    All versions+ 3 more
    • (no CPE)range: All versions
    • (no CPE)range: All versions
    • (no CPE)range: All versions
    • (no CPE)range: All versions
  • Siemens Foundation/Sinamics S120cpe-rescue
    Range: All versions

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.