SIMATIC WinCC Runtime Professional v13: All versions prior to v13 SP2 Update 4.SIMATIC WinCC Runtime Advanced: All versions prior to v16 Update 2.SIMATIC WinCC OA v3.17: All versions prior to P003.SIMATIC WinCC OA v3.16: All versions prior to P018.SIMATIC STEP 7 (TIA Portal) v16: All versions prior to v16 Update 2.SIMATIC STEP 7 (TIA Portal) v15: All versions prior to v15.1 Update 5.SIMATIC WinCC Runtime Professional v14: All versions prior to v14 SP1 Update 10.SIMATIC STEP 7 (TIA Portal) v14: All versions prior to v14 SP1 Update 10.SIMATIC STEP 7 (TIA Portal) v13: All versions prior to SP2 Update 4.SIMATIC STEP 7: All versions prior to v5.6 SP2 HF3.SINAMICS STARTER: All versions prior to v5.4 HF2.SIMATIC S7-1500 Software Controller: All versions prior to v21.8.SIMATIC PCS neo: All versions prior to v3.0 SP1.SIMATIC NET PC software: All versions after v16 and prior to v16 Upd3.
The following Siemens products are affected: Successful exploitation of this vulnerability could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update J) that was published April 14, 2022, to the ICS webpage on 3.