CVE-2021-37206

EPSS 0.58%
Veröffentlicht 14.09.2021 11:15:26
Zuletzt bearbeitet 21.11.2024 06:14:51
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Siprotec 5 With Cpu Variant Cp050 Version < 8.80

Siemens ≫ Siprotec 5 With Cpu Variant Cp100 Version < 8.80

Siemens ≫ Siprotec 5 With Cpu Variant Cp300 Version < 8.80

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.662

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37206

EUVD