CVE-2021-37206

EPSS 0.58%
Published 14.09.2021 11:15:26
Last modified 21.11.2024 06:14:51
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Siprotec 5 With Cpu Variant Cp050 Version < 8.80

Siemens ≫ Siprotec 5 With Cpu Variant Cp100 Version < 8.80

Siemens ≫ Siprotec 5 With Cpu Variant Cp300 Version < 8.80

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.662

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37206

EUVD