According to advisories published by both Siemens and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the security holes affect APE versions prior to 2.0.2 (only affected if SSL/TLS component or Crossbow is used), versions 3.8 through 3.12 of WinCC OA (PVSS), and all versions of CP1543-1, ROX 1 (only affected if Crossbow is installed), ROX 2 (only affected if eLAN or Crossbow is installed), and SIMATIC S7-1500.