Vulnerability-Lookup

CVE-2021-42029 (GCVE-0-2021-42029)

Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-04 03:22

Summary

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

siemens

References

URL

GHSA-VP88-R9QC-VWRW

Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-20 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-42029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-12T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.",
  "id": "GHSA-vp88-r9qc-vwrw",
  "modified": "2022-04-20T00:00:56Z",
  "published": "2022-04-13T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42029"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2022-28501

Vulnerability from cnvd - Published: 2022-04-13

Title

Siemens TIA Portal访问控制错误漏洞

Description

SIMATIC STEP 7 (TIA Portal) 是用于组态和编程SIMATIC控制器的工程软件。 Siemens TIA Portal存在访问控制错误漏洞，攻击者可利用该漏洞实现权限提升。

Severity

中

Patch Name

Siemens TIA Portal访问控制错误漏洞的补丁

Patch Description

SIMATIC STEP 7 (TIA Portal) 是用于组态和编程SIMATIC控制器的工程软件。 Siemens TIA Portal存在访问控制错误漏洞，攻击者可利用该漏洞实现权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.siemens.com

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf

Impacted products

Name
['SIEMENS SIMATIC STEP 7 (TIA Portal) V15', 'SIEMENS SIMATIC STEP 7 (TIA Portal) V16 <V16 Update 5', 'Siemens SIMATIC STEP 7 (TIA Portal) V17 <V17 Update 2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-42029"
    }
  },
  "description": "SIMATIC STEP 7 (TIA Portal) \u662f\u7528\u4e8e\u7ec4\u6001\u548c\u7f16\u7a0bSIMATIC\u63a7\u5236\u5668\u7684\u5de5\u7a0b\u8f6f\u4ef6\u3002\n\nSiemens TIA Portal\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.siemens.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-28501",
  "openTime": "2022-04-13",
  "patchDescription": "SIMATIC STEP 7 (TIA Portal) \u662f\u7528\u4e8e\u7ec4\u6001\u548c\u7f16\u7a0bSIMATIC\u63a7\u5236\u5668\u7684\u5de5\u7a0b\u8f6f\u4ef6\u3002\r\n\r\nSiemens TIA Portal\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens TIA Portal\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC STEP 7 (TIA Portal) V15",
      "SIEMENS SIMATIC STEP 7 (TIA Portal) V16 \u003cV16 Update 5",
      "Siemens SIMATIC STEP 7 (TIA Portal) V17 \u003cV17 Update 2"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-13",
  "title": "Siemens TIA Portal\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-42029

Vulnerability from fstec - Published: 06.10.2021

Title

Уязвимость реализации конфигурации веб-сервера микропрограммного обеспечения программируемых логических контроллеров Siemens SIMATIC STEP 7 (TIA Portal), позволяющая нарушителю повысить свои привилегии

Description

Уязвимость реализации конфигурации веб-сервера микропрограммного обеспечения программируемых логических контроллеров Siemens SIMATIC STEP 7 (TIA Portal) связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Siemens AG

Software Name

SIMATIC STEP 7 (TIA Portal)

Software Version

15 (SIMATIC STEP 7 (TIA Portal)), от 16 до 16 Update 5 (SIMATIC STEP 7 (TIA Portal)), от 17 до 17 Update 2 (SIMATIC STEP 7 (TIA Portal))

Possible Mitigations

Использование рекомендаций: https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf https://nvd.nist.gov/vuln/detail/CVE-2021-42029 https://vuldb.com/?id.196963

CWE

CWE-269, CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15 (SIMATIC STEP 7 (TIA Portal)), \u043e\u0442 16 \u0434\u043e 16 Update 5 (SIMATIC STEP 7 (TIA Portal)), \u043e\u0442 17 \u0434\u043e 17 Update 2 (SIMATIC STEP 7 (TIA Portal))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.10.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.08.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.08.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04783",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-42029",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC STEP 7 (TIA Portal)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Siemens SIMATIC STEP 7 (TIA Portal), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Siemens SIMATIC STEP 7 (TIA Portal) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42029\nhttps://vuldb.com/?id.196963",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269, CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

CERTFR-2022-AVI-329

Vulnerability from certfr_avis - Published: 2022-04-12 - Updated: 2022-04-12

De multiples vulnérabilités ont été découvertes dans les produits SIEMENS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE X308-2 versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-3 versions antérieures à V4.1.4
Siemens	N/A	SIMIT Simulation Platform toutes versions
Siemens	N/A	Gamme SIMATIC S7-300 (y compris CPUs ET200 et variantes SIPLUS) toutes versions
Siemens	N/A	Gamme SIMATIC S7-400 PN/DP V7 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) toutes versions
Siemens	N/A	SIMATIC WinAC RTX toutes versions
Siemens	N/A	SINETPLAN toutes versions
Siemens	N/A	SIMATIC TDC CP51M1 toutes versions
Siemens	N/A	SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) versions antérieures à V17 Update 2
Siemens	N/A	SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X310 versions antérieures à V4.1.4
Siemens	N/A	SCALANCE XR324-4M PoE TS versions antérieures à V4.1.4
Siemens	N/A	SIMATIC PCS neo (Administration Console) versions antérieures à V3.1 SP1
Siemens	N/A	SCALANCE X308-2LD versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2M PoE versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X304-2FE (6GK5304-2BD00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	TIA Portal V15, V15.1, V16 et V17
Siemens	N/A	SIMATIC TDC CPU555 toutes versions
Siemens	N/A	SCALANCE XR324-4M EEC versions antérieures à V4.1.4
Siemens	N/A	SICAM A8000 CP-8050 (6MF2805-0AA00) versions antérieures à V4.80
Siemens	N/A	SIMATIC Energy Manager PRO versions antérieures à V7.3 Update 1
Siemens	N/A	SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X408-2 (6GK5408-2FD00-2AA2) versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2LH versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-3LD versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X302-7 EEC versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2LH+ versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) versions antérieures à V16 Update 5
Siemens	N/A	SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 toutes versions
Siemens	N/A	SCALANCE X308-2M TS versions antérieures à V4.1.4
Siemens	N/A	Mendix Applications using Mendix 9 versions antérieures à V9.12.0
Siemens	N/A	SCALANCE XR324-12M TS versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X310FE versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-2 EEC versions antérieures à V4.1.4
Siemens	N/A	Simcenter Femap versions antérieures à V2022.1.
Siemens	N/A	SCALANCE XR324-12M versions antérieures à V4.1.4
Siemens	N/A	Gamme SIMATIC S7-410 V8 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	Gamme SIMATIC S7-1500 (y compris CPUs ET200 et variantes SIPLUS) versions antérieures à V2.0.0
Siemens	N/A	Mendix Applications using Mendix 7 versions antérieures à V7.23.27 (ne corrige pas toutes les CVE)
Siemens	N/A	SCALANCE X308-2M versions antérieures à V4.1.4
Siemens	N/A	Gamme SIMATIC S7-400 H V6 (y compris variantes SIPLUS) versions antérieures à V6.0.10
Siemens	N/A	SIMATIC CFU PA (6ES7655-5PX11-0XX0) toutes versions
Siemens	N/A	SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC Energy Manager Basic versions antérieures à V7.3 Update 1
Siemens	N/A	SICAM A8000 CP-8031 (6MF2803-1AA00) versions antérieures à V4.80
Siemens	N/A	Gamme SIMATIC S7-410 V10 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	Mendix Applications using Mendix 8 versions antérieures à V8.18.14 (ne corrige pas toutes les CVE)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-446448 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-557541 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-655554 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-414513 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-870917 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-316850 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-836527 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-711829 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-392912 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-350757 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-998762 du 12 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE X308-2 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMIT Simulation Platform toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-300 (y compris CPUs ET200 et variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-400 PN/DP V7 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinAC RTX toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINETPLAN toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CP51M1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V17 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M PoE TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo (Administration Console) versions ant\u00e9rieures \u00e0 V3.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LD versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M PoE versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15, V15.1, V16 et V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CPU555 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM A8000 CP-8050 (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 V4.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Energy Manager PRO versions ant\u00e9rieures \u00e0 V7.3 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X408-2 (6GK5408-2FD00-2AA2) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3LD versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X302-7 EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH+ versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V16 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 9 versions ant\u00e9rieures \u00e0 V9.12.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310FE versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-2 EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2022.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-410 V8 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-1500 (y compris CPUs ET200 et variantes SIPLUS) versions ant\u00e9rieures \u00e0 V2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 7 versions ant\u00e9rieures \u00e0 V7.23.27 (ne corrige pas toutes les CVE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-400 H V6 (y compris variantes SIPLUS) versions ant\u00e9rieures \u00e0 V6.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU PA (6ES7655-5PX11-0XX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Energy Manager Basic versions ant\u00e9rieures \u00e0 V7.3 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM A8000 CP-8031 (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 V4.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-410 V10 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 8 versions ant\u00e9rieures \u00e0 V8.18.14 (ne corrige pas toutes les CVE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27241"
    },
    {
      "name": "CVE-2022-26380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26380"
    },
    {
      "name": "CVE-2022-27194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27194"
    },
    {
      "name": "CVE-2022-25754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25754"
    },
    {
      "name": "CVE-2022-28661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28661"
    },
    {
      "name": "CVE-2022-23448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23448"
    },
    {
      "name": "CVE-2022-25753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25753"
    },
    {
      "name": "CVE-2021-40368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40368"
    },
    {
      "name": "CVE-2022-26335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26335"
    },
    {
      "name": "CVE-2022-26334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26334"
    },
    {
      "name": "CVE-2022-23450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23450"
    },
    {
      "name": "CVE-2022-28328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28328"
    },
    {
      "name": "CVE-2022-27481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27481"
    },
    {
      "name": "CVE-2022-25756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25756"
    },
    {
      "name": "CVE-2022-25751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25751"
    },
    {
      "name": "CVE-2022-28329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28329"
    },
    {
      "name": "CVE-2022-25650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25650"
    },
    {
      "name": "CVE-2022-28663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28663"
    },
    {
      "name": "CVE-2022-27480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27480"
    },
    {
      "name": "CVE-2022-28662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28662"
    },
    {
      "name": "CVE-2021-42029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42029"
    },
    {
      "name": "CVE-2022-25622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25622"
    },
    {
      "name": "CVE-2022-25752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25752"
    },
    {
      "name": "CVE-2022-25755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25755"
    },
    {
      "name": "CVE-2022-23449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23449"
    }
  ],
  "initial_release_date": "2022-04-12T00:00:00",
  "last_revision_date": "2022-04-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-329",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSIEMENS. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SIEMENS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-446448 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-557541 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-557541.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-655554 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-655554.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-414513 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-414513.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-870917 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-870917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316850 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-316850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-836527 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-836527.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-711829 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-711829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-392912 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-392912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-350757 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-350757.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-998762 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-998762.html"
    }
  ]
}

GSD-2021-42029

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-42029

Aliases

CVE-2021-42029

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-42029",
    "description": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.",
    "id": "GSD-2021-42029"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-42029"
      ],
      "details": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.",
      "id": "GSD-2021-42029",
      "modified": "2023-12-13T01:23:06.377707Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2021-42029",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V16 Update 5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC STEP 7 (TIA Portal) V17",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V17 Update 2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16",
                    "versionStartIncluding": "15",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:17:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:17:update1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s_f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s_f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2_pn:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515tf-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517tf-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-42029"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-09T00:31Z",
      "publishedDate": "2022-04-12T09:15Z"
    }
  }
}

FKIE_CVE-2021-42029

Vulnerability from fkie_nvd - Published: 2022-04-12 09:15 - Updated: 2024-11-21 06:27

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	simatic_step_7	*
siemens	simatic_step_7	16
siemens	simatic_step_7	16
siemens	simatic_step_7	16
siemens	simatic_step_7	16
siemens	simatic_step_7	16
siemens	simatic_step_7	17
siemens	simatic_step_7	17
siemens	simatic_s7-1200_cpu	-
siemens	simatic_s7-1200_cpu_1211c	-
siemens	simatic_s7-1200_cpu_1212c	-
siemens	simatic_s7-1200_cpu_1212fc	-
siemens	simatic_s7-1200_cpu_1214_fc	-
siemens	simatic_s7-1200_cpu_1214c	-
siemens	simatic_s7-1200_cpu_1214fc	-
siemens	simatic_s7-1200_cpu_1215_fc	-
siemens	simatic_s7-1200_cpu_1215c	-
siemens	simatic_s7-1200_cpu_1215fc	-
siemens	simatic_s7-1200_cpu_1217c	-
siemens	simatic_s7-1500_cpu	-
siemens	simatic_s7-1500_cpu_1507s	-
siemens	simatic_s7-1500_cpu_1507s_f	-
siemens	simatic_s7-1500_cpu_1508s	-
siemens	simatic_s7-1500_cpu_1508s_f	-
siemens	simatic_s7-1500_cpu_1510sp	-
siemens	simatic_s7-1500_cpu_1510sp-1	-
siemens	simatic_s7-1500_cpu_1511-1	-
siemens	simatic_s7-1500_cpu_1511-1_pn	-
siemens	simatic_s7-1500_cpu_1511c	-
siemens	simatic_s7-1500_cpu_1511c-1	-
siemens	simatic_s7-1500_cpu_1511f-1	-
siemens	simatic_s7-1500_cpu_1511f-1_pn	-
siemens	simatic_s7-1500_cpu_1511t-1	-
siemens	simatic_s7-1500_cpu_1511tf-1	-
siemens	simatic_s7-1500_cpu_1512c	-
siemens	simatic_s7-1500_cpu_1512c-1	-
siemens	simatic_s7-1500_cpu_1512sp-1	-
siemens	simatic_s7-1500_cpu_1512spf-1	-
siemens	simatic_s7-1500_cpu_1513-1	-
siemens	simatic_s7-1500_cpu_1513-1_pn	-
siemens	simatic_s7-1500_cpu_1513f-1	-
siemens	simatic_s7-1500_cpu_1513f-1_pn	-
siemens	simatic_s7-1500_cpu_1513r-1	-
siemens	simatic_s7-1500_cpu_1515-2	-
siemens	simatic_s7-1500_cpu_1515-2_pn	-
siemens	simatic_s7-1500_cpu_1515f-2	-
siemens	simatic_s7-1500_cpu_1515f-2_pn	-
siemens	simatic_s7-1500_cpu_1515r-2	-
siemens	simatic_s7-1500_cpu_1515t-2	-
siemens	simatic_s7-1500_cpu_1515tf-2	-
siemens	simatic_s7-1500_cpu_1516-3	-
siemens	simatic_s7-1500_cpu_1516-3_dp	-
siemens	simatic_s7-1500_cpu_1516-3_pn	-
siemens	simatic_s7-1500_cpu_1516-3_pn\/dp	-
siemens	simatic_s7-1500_cpu_1516f-3	-
siemens	simatic_s7-1500_cpu_1516f-3_pn\/dp	-
siemens	simatic_s7-1500_cpu_1516pro-2	-
siemens	simatic_s7-1500_cpu_1516pro_f	-
siemens	simatic_s7-1500_cpu_1516t-3	-
siemens	simatic_s7-1500_cpu_1516tf-3	-
siemens	simatic_s7-1500_cpu_1517-3	-
siemens	simatic_s7-1500_cpu_1517-3_dp	-
siemens	simatic_s7-1500_cpu_1517-3_pn	-
siemens	simatic_s7-1500_cpu_1517-3_pn\/dp	-
siemens	simatic_s7-1500_cpu_1517f-3	-
siemens	simatic_s7-1500_cpu_1517f-3_pn\/dp	-
siemens	simatic_s7-1500_cpu_1517tf-3	-
siemens	simatic_s7-1500_cpu_1518	-
siemens	simatic_s7-1500_cpu_1518-4	-
siemens	simatic_s7-1500_cpu_1518-4_dp	-
siemens	simatic_s7-1500_cpu_1518-4_pn	-
siemens	simatic_s7-1500_cpu_1518-4_pn\/dp	-
siemens	simatic_s7-1500_cpu_1518-4_pn\/dp_mfp	-
siemens	simatic_s7-1500_cpu_1518f-4	-
siemens	simatic_s7-1500_cpu_1518f-4_pn\/dp	-
siemens	simatic_s7-1500_cpu_1518hf-4	-
siemens	simatic_s7-1500_cpu_1518t-4	-
siemens	simatic_s7-1500_cpu_1518tf-4	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCA2BFB-EEEB-4722-AC33-CBBFE92289BC",
              "versionEndExcluding": "16",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*",
              "matchCriteriaId": "66CB66B9-176E-4FA3-BC67-E7C5972A307C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EF2D6947-576B-4CA7-B4E4-F0B428FA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update2:*:*:*:*:*:*",
              "matchCriteriaId": "70AA41B2-8C18-4436-8C77-E6391EB0D8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update3:*:*:*:*:*:*",
              "matchCriteriaId": "0AF2FE58-C7FC-4FD6-8026-E23AEAAA29CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update4:*:*:*:*:*:*",
              "matchCriteriaId": "C22708F4-5386-4C7A-B11A-677B8DDC36A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:17:-:*:*:*:*:*:*",
              "matchCriteriaId": "211B89EA-80D2-441D-8CD6-693CCB1407F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_step_7:17:update1:*:*:*:*:*:*",
              "matchCriteriaId": "7B23F0A5-8F54-407F-9DE1-30B10BAC6D85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B63726-10CE-46AB-ADBA-A511E770E162",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3871C0C9-C65E-4E0B-9CA8-75E60066297F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07849777-92E7-41D2-9128-F8D20DE15391",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B3573B-A31E-4489-B2DD-B01B5C1D03CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B640800C-9263-4BEA-9DA5-1323932540BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE17584A-BF7A-48B8-A9CB-477663766C63",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE46D66-A6B6-4554-8642-7F3E7E3AA22D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7D55C-8D99-4E2F-A254-1BDE2B12A203",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4698CF-F935-4707-BA91-7E3650C7956C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4866FF7B-B34A-4828-94A8-BD0A0B6F4C88",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "232279DE-CF1C-4A3C-886D-B4CE3F104F09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01048F7F-9C5B-47C0-AE16-321FCA670F3D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1392C-38E2-4AF9-AF17-91B93BC6B9B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s_f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ED29DF-8AC0-4BB6-ACE2-EBC0A2B87F96",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CBD063-6CF0-45E6-A9D1-C7F8709806AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s_f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2079B95-E885-4490-BCEA-62BBEAF9CB51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7ECCF7-E3EE-46A0-BC03-51AAEBCD03EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232B80-9EDE-4BE4-BD4C-0E84B18EC39A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B9B76B-D790-44B9-AC2A-7E0719C4D56C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62F4050-F6C9-4C8F-8E09-F0AEEDB6B1FC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "822894D4-96D5-4BDC-A698-D31262BCF422",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F580D0D-F406-4586-9C54-EF44703FDA30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B51EFC-2168-4B28-9527-A8DC62781709",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3E8A67-2A29-4DE9-AF1B-D74A42D55D1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA72709-BC38-425F-8EBD-FE16C5A86140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E76D7BD-0529-4A51-9866-8AF5241A5184",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E24A4C-AC13-4382-BDF6-E13878FED4DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7933577-8564-4DE4-AAED-62F87E3C3353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E822C9-6983-4CC6-BC51-822563DF7BCE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BD8110-76B4-4D5C-BFF7-E5F1D0EA9CD6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7889F5-D499-41A6-B1BB-264F988884D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6663D66-5127-4F5D-B39D-50D3F88F4435",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2962FF0-D865-4D15-B1A7-EFC0501972A6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DE61DE-5B71-4F35-AC4F-C6EC24A7DDAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2F34DF-3A55-49A4-9A9C-80C99B367079",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7605AF-2B00-49DD-BC32-37E6CF9ED625",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE9C79B-52A3-45F4-9DA5-6D61A6BF7753",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A4E04A-EB99-4AB2-9B30-C70DB11A6C8D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE82551-008D-4B75-BDB5-3DD30ADD1863",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0AEBFA-682F-4F5D-8FAA-D517AE3B3D0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BC3993-1CB0-4C1D-BC04-ED69BA814B24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515tf-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89839624-6FA1-4377-A3B4-9CB704555E2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D611B2-4D81-4838-B612-8D17196A5B78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5FD1F20-E507-4422-814D-19614CDB49B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "439E1B3E-7174-4BAC-A11A-F4F37ABB7291",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C12961-CCF4-4248-9E43-8866671A257A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C84DC4-1E8C-431B-AF23-AA86CE316928",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5787D689-D80C-47BC-A0C2-E45E0FAD49D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3A239E-41CB-4222-8146-745B15C206C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "298EF297-949E-45E9-9A57-8D07986DED10",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27653C38-64A3-4DE2-8B65-BBC356A396AE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66C6524-9076-4C4E-B518-586BB1FF7107",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C03BFBC2-E30D-4DAF-BDE0-06F97D1A0E92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE53C35-490A-498B-8CAB-B874C0E17AF1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C44E126-E4D9-44D8-B8B9-10F060D63A2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "984F6E53-482D-4282-BBAA-87B0375310FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4C4030-4BFE-4EA0-9967-F77EEB5113E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2327DF-ADA4-453E-A35E-E986D822F1E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517tf-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD045A-0DC6-4D6F-A596-B24ECA84936B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0BA68C-EB57-49CE-94A8-E7905AB79824",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "836BC49A-F358-410D-A5CC-D62DAC7D624F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6772D5F3-35EE-4C94-B6D5-31500F440CCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4245AED2-3F58-40D0-BF8A-8E930E1730B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F38253-92F5-4A3A-AA07-292F7542D8A6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC4FA01-8DDB-41E4-B759-7B504F78AEBC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F37885E-AC96-4043-892F-55AEFAFA675D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB469732-E3C2-45BC-8F65-C1B6A676A974",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "914D507E-5C6E-4BA7-B5EA-549A01E0C34D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF0A62F-8EC0-4EB8-821A-14B17D87DD8A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "223AA9C0-89FA-459D-949F-FB9D3551C06F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions \u003c V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Portal) versi\u00f3n V15 (Todas las versiones), SIMATIC STEP 7 (TIA Portal) versi\u00f3n V16 (todas las versiones anteriores a versi\u00f3n V16 Update 5), SIMATIC STEP 7 (TIA Portal) versi\u00f3n V17 (todas las versiones anteriores a versi\u00f3n V17 Update 2). Un atacante podr\u00eda lograr una escalada de privilegios en el servidor web de determinados dispositivos debido a una vulnerabilidad de control de acceso inapropiada en el software del sistema de ingenier\u00eda. El atacante necesita tener acceso directo al servidor web afectado"
    }
  ],
  "id": "CVE-2021-42029",
  "lastModified": "2024-11-21T06:27:06.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-12T09:15:13.817",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-42029 (GCVE-0-2021-42029)

GHSA-VP88-R9QC-VWRW

CNVD-2022-28501

CVE-2021-42029

CERTFR-2022-AVI-329

Solution

GSD-2021-42029

FKIE_CVE-2021-42029

Tags

Sightings

Nomenclature