CVE-2021-37172

EPSS 0.19%
Published 10.08.2021 11:15:09
Last modified 21.11.2024 06:14:47
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic S7-1200 Cpu Firmware Version4.5.0

   Siemens ≫ Cpu 1211c Version-
   Siemens ≫ Cpu 1212c Version-
   Siemens ≫ Cpu 1212fc Version-
   Siemens ≫ Cpu 1214c Version-
   Siemens ≫ Cpu 1214fc Version-
   Siemens ≫ Cpu 1215c Version-
   Siemens ≫ Cpu 1215fc Version-
   Siemens ≫ Cpu 1217c Version-

Siemens ≫ Simatic Step 7 (tia Portal) Version <= 13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.373

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37172

EUVD