CVE-2021-44221

EPSS 0.54%
Published 12.07.2022 10:15:09
Last modified 21.11.2024 06:30:36
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Easie Core Package Version < 22.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.666

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44221

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44221

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44221

EUVD