TROYANOSYVIRUS
Back to CVEs

CVE-2021-41769

HIGH
7.5

Description

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

CVE Details

CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/11/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

siemens:6md85siemens:6md85_firmwaresiemens:6md86siemens:6md86_firmwaresiemens:6md89siemens:6md89_firmwaresiemens:6mu85siemens:6mu85_firmwaresiemens:7ke85siemens:7ke85_firmwaresiemens:7sa82siemens:7sa82_firmwaresiemens:7sa86siemens:7sa86_firmwaresiemens:7sa87siemens:7sa87_firmwaresiemens:7sd82siemens:7sd82_firmwaresiemens:7sd86siemens:7sd86_firmwaresiemens:7sd87siemens:7sd87_firmwaresiemens:7sj81siemens:7sj81_firmwaresiemens:7sj82siemens:7sj82_firmwaresiemens:7sj85siemens:7sj85_firmwaresiemens:7sj86siemens:7sj86_firmwaresiemens:7sk82siemens:7sk82_firmwaresiemens:7sk85siemens:7sk85_firmwaresiemens:7sl82siemens:7sl82_firmwaresiemens:7sl86siemens:7sl86_firmwaresiemens:7sl87siemens:7sl87_firmwaresiemens:7ss85siemens:7ss85_firmwaresiemens:7st85siemens:7st85_firmwaresiemens:7sx800siemens:7sx800_firmwaresiemens:7sx85siemens:7sx85_firmwaresiemens:7um85siemens:7um85_firmwaresiemens:7ut82siemens:7ut82_firmwaresiemens:7ut85siemens:7ut85_firmwaresiemens:7ut86siemens:7ut86_firmwaresiemens:7ut87siemens:7ut87_firmwaresiemens:7ve85siemens:7ve85_firmwaresiemens:7vk87siemens:7vk87_firmware

Weaknesses (CWE)

CWE-20CWE-20

References

https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.