A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

A remote attacker could send specially crafted packets to a SmartVNC device layout handler on the client side, which could influence the number of resources consumed and result in a denial-of-service condition (infinite loop) on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4’to 22’ (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900, and KTP900F, SIMATIC WinCC Runtime Advanced (All versions prior to v16 Update 4).

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12 [No Types Assigned]