Vulnerability-Lookup

CVE-2021-45460 (GCVE-0-2021-45460)

Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 04:39

Summary

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

Severity ?

No CVSS data available.

CWE

CWE-428 - Unquoted Search Path or Element

Assigner

siemens

References

URL

	Vendor	Product	Version
	Siemens	SICAM PQ Analyzer	Affected: All versions < V3.18

GHSA-X953-H4JC-JFVQ

Vulnerability from github – Published: 2022-01-12 00:01 – Updated: 2022-01-19 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-45460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-11T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service.",
  "id": "GHSA-x953-h4jc-jfvq",
  "modified": "2022-01-19T00:01:50Z",
  "published": "2022-01-12T00:01:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45460"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-45460

Vulnerability from fkie_nvd - Published: 2022-01-11 12:15 - Updated: 2024-11-21 06:32

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sicam_pq_analyzer_firmware	*
	siemens	sicam_pq_analyzer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sicam_pq_analyzer_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B807CA54-8DD5-49E2-893E-F1488F86A5BE",
              "versionEndExcluding": "3.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sicam_pq_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "487AFB5A-E021-4CD6-9370-8DF15AF768B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SICAM PQ Analyzer (Todas las versiones anteriores a V3.18). Un servicio es iniciado mediante una entrada de registro no citada. Como se presentan espacios en esta ruta, los atacantes con privilegio de escritura en esos directorios podr\u00edan plantar ejecutables que ser\u00e1n ejecutados en lugar del proceso leg\u00edtimo. Los atacantes podr\u00edan lograr la persistencia en el sistema (\"backdoors\") o causar una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2021-45460",
  "lastModified": "2024-11-21T06:32:15.223",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-11T12:15:10.193",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-428"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-428"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-018

Vulnerability from certfr_avis - Published: 2022-01-11 - Updated: 2022-01-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	CP-8022 MASTER MODULE, versions antérieures à 16.20
Siemens	N/A	PLUSCONTROL première génération, toutes les versions, se référer au bulletin de sécurité de l'éditeur afin d'appliquer les mesures de contournement
Siemens	N/A	CP-8021 MASTER MODULE, versions antérieures à 16.20
Siemens	N/A	SIPROTEC 5 depuis la gamme 6MD85 jusqu'à la gamme 7VK87, vérifier l'avis ssa-439673 pour identifier plus précisément les gammes vulnérables, versions antérieures à 8.83
Siemens	N/A	SIPROTEC 5 Compact 7SX800, versions antérieures à 8.83
Siemens	N/A	CP-8000 MASTER MODULE -40 à +70°C, versions antérieures à 16.20
Siemens	N/A	SICAM PQ Analyzer, versions antérieures à 3.18
Siemens	N/A	COMOS Web, versions antérieures à 10.4.1
Siemens	N/A	CP-8000 MASTER -25 à +70°C, versions antérieures à 16.20

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-324998 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-845392 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-439673 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-995338 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-173318 du 11 janvier 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CP-8022 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PLUSCONTROL premi\u00e8re g\u00e9n\u00e9ration, toutes les versions, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur afin d\u0027appliquer les mesures de contournement",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8021 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 depuis la gamme 6MD85 jusqu\u0027\u00e0 la gamme 7VK87, v\u00e9rifier l\u0027avis ssa-439673 pour identifier plus pr\u00e9cis\u00e9ment les gammes vuln\u00e9rables, versions ant\u00e9rieures \u00e0 8.83",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 Compact 7SX800, versions ant\u00e9rieures \u00e0 8.83",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8000 MASTER MODULE -40 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PQ Analyzer, versions ant\u00e9rieures \u00e0 3.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS Web, versions ant\u00e9rieures \u00e0 10.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8000 MASTER -25 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45034"
    },
    {
      "name": "CVE-2021-41769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41769"
    },
    {
      "name": "CVE-2021-37198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37198"
    },
    {
      "name": "CVE-2021-45033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45033"
    },
    {
      "name": "CVE-2021-31885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
    },
    {
      "name": "CVE-2021-37197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37197"
    },
    {
      "name": "CVE-2021-45460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45460"
    },
    {
      "name": "CVE-2021-37195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37195"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2021-37196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37196"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2021-31345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    }
  ],
  "initial_release_date": "2022-01-11T00:00:00",
  "last_revision_date": "2022-01-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-324998 du 11 janvier 2022",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-845392 du 11 janvier 2022",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-439673 du 11 janvier 2022",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-995338 du 11 janvier 2022",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173318 du 11 janvier 2022",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
    }
  ]
}

GSD-2021-45460

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-45460

Aliases

CVE-2021-45460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-45460",
    "description": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service.",
    "id": "GSD-2021-45460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-45460"
      ],
      "details": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service.",
      "id": "GSD-2021-45460",
      "modified": "2023-12-13T01:23:19.791040Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2021-45460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SICAM PQ Analyzer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c  V3.18"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-428: Unquoted Search Path or Element"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:sicam_pq_analyzer_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.18",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:sicam_pq_analyzer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-45460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-428"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-01-18T20:29Z",
      "publishedDate": "2022-01-11T12:15Z"
    }
  }
}

CNVD-2022-02751

Vulnerability from cnvd - Published: 2022-01-12

Title

Siemens SICAM PQ Analyzer搜索路径漏洞

Description

SICAM PQ Analyzer是一种电能质量系统软件，可提供评估存档PQ的选项测量数据和故障记录。 Siemens SICAM PQ Analyzer存在搜索路径漏洞，具有写入权限的攻击者可利用该漏洞植入将代替合法进程运行的可执行文件。

Severity

低

Patch Name

Siemens SICAM PQ Analyzer搜索路径漏洞的补丁

Patch Description

SICAM PQ Analyzer是一种电能质量系统软件，可提供评估存档PQ的选项测量数据和故障记录。 Siemens SICAM PQ Analyzer存在搜索路径漏洞，具有写入权限的攻击者可利用该漏洞植入将代替合法进程运行的可执行文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.industry.siemens.com/cs/ww/en/

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf

Impacted products

Name
SIEMENS SICAM PQ Analyzer <3.18

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-45460"
    }
  },
  "description": "SICAM PQ Analyzer\u662f\u4e00\u79cd\u7535\u80fd\u8d28\u91cf\u7cfb\u7edf\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u8bc4\u4f30\u5b58\u6863PQ\u7684\u9009\u9879\u6d4b\u91cf\u6570\u636e\u548c\u6545\u969c\u8bb0\u5f55\u3002\n\nSiemens SICAM PQ Analyzer\u5b58\u5728\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u5177\u6709\u5199\u5165\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u690d\u5165\u5c06\u4ee3\u66ff\u5408\u6cd5\u8fdb\u7a0b\u8fd0\u884c\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-02751",
  "openTime": "2022-01-12",
  "patchDescription": "SICAM PQ Analyzer\u662f\u4e00\u79cd\u7535\u80fd\u8d28\u91cf\u7cfb\u7edf\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u8bc4\u4f30\u5b58\u6863PQ\u7684\u9009\u9879\u6d4b\u91cf\u6570\u636e\u548c\u6545\u969c\u8bb0\u5f55\u3002\r\n\r\nSiemens SICAM PQ Analyzer\u5b58\u5728\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u5177\u6709\u5199\u5165\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u690d\u5165\u5c06\u4ee3\u66ff\u5408\u6cd5\u8fdb\u7a0b\u8fd0\u884c\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICAM PQ Analyzer\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS SICAM PQ Analyzer \u003c3.18"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf",
  "serverity": "\u4f4e",
  "submitTime": "2022-01-12",
  "title": "Siemens SICAM PQ Analyzer\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-45460 (GCVE-0-2021-45460)

GHSA-X953-H4JC-JFVQ

FKIE_CVE-2021-45460

CERTFR-2022-AVI-018

Solution

GSD-2021-45460

CNVD-2022-02751

Tags

Sightings

Nomenclature