CVE-2021-27385: A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMA...

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.53%

82.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Simatic Wincc Runtime Advanced	< 16
Siemens	Simatic Wincc Runtime Advanced	16
Siemens	Sinamics Sh150 Firmware	All versions
Siemens	Sinamics Sm150i Firmware	All versions
Siemens	Sinamics Gh150 Firmware	All versions
Siemens	Sinamics Gl150 Firmware	All versions
Siemens	Sinamics Gm150 Firmware	All versions
Siemens	Sinamics Sl150 Firmware	All versions
Siemens	Sinamics Sm120 Firmware	All versions
Siemens	Sinamics Sm150 Firmware	All versions
Siemens	Simatic Hmi Comfort Outdoor Panels 7\" Firmware	< 16
Siemens	Simatic Hmi Comfort Outdoor Panels 7\" Firmware	16
Siemens	Simatic Hmi Comfort Outdoor Panels 15\" Firmware	< 16
Siemens	Simatic Hmi Comfort Outdoor Panels 15\" Firmware	16
Siemens	Simatic Hmi Comfort Panels 4\" Firmware	< 16
Siemens	Simatic Hmi Comfort Panels 4\" Firmware	16
Siemens	Simatic Hmi Comfort Panels 22\" Firmware	< 16
Siemens	Simatic Hmi Comfort Panels 22\" Firmware	16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	< 16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	< 16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	< 16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	< 16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	< 16
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	16
Siemens	Simatic Hmi Comfort Outdoor Panels 7\" Firmware	< 15.1
Siemens	Simatic Hmi Comfort Outdoor Panels 7\" Firmware	15.1
Siemens	Simatic Hmi Comfort Outdoor Panels 15\" Firmware	< 15.1
Siemens	Simatic Hmi Comfort Outdoor Panels 15\" Firmware	15.1
Siemens	Simatic Hmi Comfort Panels 4\" Firmware	< 15.1
Siemens	Simatic Hmi Comfort Panels 4\" Firmware	15.1
Siemens	Simatic Hmi Comfort Panels 22\" Firmware	< 15.1
Siemens	Simatic Hmi Comfort Panels 22\" Firmware	15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	< 15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	< 15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	< 15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	< 15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	< 15.1
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	15.1
Siemens	Simatic Wincc Runtime Advanced	< 15.1
Siemens	Simatic Wincc Runtime Advanced	15.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12Third Party Advisory, US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12Third Party Advisory, US Government Resource

Timeline

Published: May 12, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-27385?

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

How severe is CVE-2021-27385?

CVE-2021-27385 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.53% probability of exploitation in the next 30 days.

How do I fix CVE-2021-27385?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.