CVE-2021-41769

EPSS 0.47%
Published 11.01.2022 12:15:10
Last modified 21.11.2024 06:26:43
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ 6md85 Firmware Version < 8.83

Siemens ≫ 6md85 Version-

Siemens ≫ 6md86 Firmware Version < 8.83

Siemens ≫ 6md86 Version-

Siemens ≫ 6md89 Firmware Version < 8.83

Siemens ≫ 6md89 Version-

Siemens ≫ 6mu85 Firmware Version < 8.83

Siemens ≫ 6mu85 Version-

Siemens ≫ 7ke85 Firmware Version < 8.83

Siemens ≫ 7ke85 Version-

Siemens ≫ 7sa82 Firmware Version < 8.83

Siemens ≫ 7sa82 Version-

Siemens ≫ 7sa86 Firmware Version < 8.83

Siemens ≫ 7sa86 Version-

Siemens ≫ 7sa87 Firmware Version < 8.83

Siemens ≫ 7sa87 Version-

Siemens ≫ 7sd82 Firmware Version < 8.83

Siemens ≫ 7sd82 Version-

Siemens ≫ 7sd86 Firmware Version < 8.83

Siemens ≫ 7sd86 Version-

Siemens ≫ 7sd87 Firmware Version < 8.83

Siemens ≫ 7sd87 Version-

Siemens ≫ 7sj81 Firmware Version < 8.83

Siemens ≫ 7sj81 Version-

Siemens ≫ 7sj82 Firmware Version < 8.83

Siemens ≫ 7sj82 Version-

Siemens ≫ 7sj85 Firmware Version < 8.83

Siemens ≫ 7sj85 Version-

Siemens ≫ 7sj86 Firmware Version < 8.83

Siemens ≫ 7sj86 Version-

Siemens ≫ 7sk82 Firmware Version < 8.83

Siemens ≫ 7sk82 Version-

Siemens ≫ 7sk85 Firmware Version < 8.83

Siemens ≫ 7sk85 Version-

Siemens ≫ 7sl82 Firmware Version < 8.83

Siemens ≫ 7sl82 Version-

Siemens ≫ 7sl86 Firmware Version < 8.83

Siemens ≫ 7sl86 Version-

Siemens ≫ 7sl87 Firmware Version < 8.83

Siemens ≫ 7sl87 Version-

Siemens ≫ 7ss85 Firmware Version < 8.83

Siemens ≫ 7ss85 Version-

Siemens ≫ 7st85 Firmware Version < 8.83

Siemens ≫ 7st85 Version-

Siemens ≫ 7sx800 Firmware Version < 8.83

Siemens ≫ 7sx800 Version-

Siemens ≫ 7sx85 Firmware Version < 8.83

Siemens ≫ 7sx85 Version-

Siemens ≫ 7um85 Firmware Version < 8.83

Siemens ≫ 7um85 Version-

Siemens ≫ 7ut82 Firmware Version < 8.83

Siemens ≫ 7ut82 Version-

Siemens ≫ 7ut85 Firmware Version < 8.83

Siemens ≫ 7ut85 Version-

Siemens ≫ 7ut86 Firmware Version < 8.83

Siemens ≫ 7ut86 Version-

Siemens ≫ 7ut87 Firmware Version < 8.83

Siemens ≫ 7ut87 Version-

Siemens ≫ 7ve85 Firmware Version < 8.83

Siemens ≫ 7ve85 Version-

Siemens ≫ 7vk87 Firmware Version < 8.83

Siemens ≫ 7vk87 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.618

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41769

EUVD