CVE-2021-37172

EPSS 0.19%
Veröffentlicht 10.08.2021 11:15:09
Zuletzt bearbeitet 21.11.2024 06:14:47
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Simatic S7-1200 Cpu Firmware Version4.5.0

   Siemens ≫ Cpu 1211c Version-
   Siemens ≫ Cpu 1212c Version-
   Siemens ≫ Cpu 1212fc Version-
   Siemens ≫ Cpu 1214c Version-
   Siemens ≫ Cpu 1214fc Version-
   Siemens ≫ Cpu 1215c Version-
   Siemens ≫ Cpu 1215fc Version-
   Siemens ≫ Cpu 1217c Version-

Siemens ≫ Simatic Step 7 (tia Portal) Version <= 13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.373

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37172

EUVD