Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-018
Vulnerability from certfr_avis - Published: 2022-01-11 - Updated: 2022-01-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | CP-8022 MASTER MODULE, versions antérieures à 16.20 | ||
| Siemens | N/A | PLUSCONTROL première génération, toutes les versions, se référer au bulletin de sécurité de l'éditeur afin d'appliquer les mesures de contournement | ||
| Siemens | N/A | CP-8021 MASTER MODULE, versions antérieures à 16.20 | ||
| Siemens | N/A | SIPROTEC 5 depuis la gamme 6MD85 jusqu'à la gamme 7VK87, vérifier l'avis ssa-439673 pour identifier plus précisément les gammes vulnérables, versions antérieures à 8.83 | ||
| Siemens | N/A | SIPROTEC 5 Compact 7SX800, versions antérieures à 8.83 | ||
| Siemens | N/A | CP-8000 MASTER MODULE -40 à +70°C, versions antérieures à 16.20 | ||
| Siemens | N/A | SICAM PQ Analyzer, versions antérieures à 3.18 | ||
| Siemens | N/A | COMOS Web, versions antérieures à 10.4.1 | ||
| Siemens | N/A | CP-8000 MASTER -25 à +70°C, versions antérieures à 16.20 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CP-8022 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLUSCONTROL premi\u00e8re g\u00e9n\u00e9ration, toutes les versions, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur afin d\u0027appliquer les mesures de contournement",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8021 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 depuis la gamme 6MD85 jusqu\u0027\u00e0 la gamme 7VK87, v\u00e9rifier l\u0027avis ssa-439673 pour identifier plus pr\u00e9cis\u00e9ment les gammes vuln\u00e9rables, versions ant\u00e9rieures \u00e0 8.83",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 Compact 7SX800, versions ant\u00e9rieures \u00e0 8.83",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8000 MASTER MODULE -40 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PQ Analyzer, versions ant\u00e9rieures \u00e0 3.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS Web, versions ant\u00e9rieures \u00e0 10.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8000 MASTER -25 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45034"
},
{
"name": "CVE-2021-41769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41769"
},
{
"name": "CVE-2021-37198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37198"
},
{
"name": "CVE-2021-45033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45033"
},
{
"name": "CVE-2021-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
},
{
"name": "CVE-2021-37197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37197"
},
{
"name": "CVE-2021-45460",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45460"
},
{
"name": "CVE-2021-37195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37195"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2021-37196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37196"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
}
],
"initial_release_date": "2022-01-11T00:00:00",
"last_revision_date": "2022-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-324998 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-845392 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-439673 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-995338 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173318 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
}
]
}
CVE-2021-41769 (GCVE-0-2021-41769)
Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 03:15
VLAI
EPSS
Summary
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
31 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 6MD85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 6MD86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 6MD89 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 6MU85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7KE85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SA82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SA86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SA87 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SD82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SD86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SD87 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SJ81 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SJ82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SJ85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SJ86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SK82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SK85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SL82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SL86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SL87 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SS85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7ST85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7SX85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7UM85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7UT82 devices (CPU variant CP100)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7UT85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7UT86 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7UT87 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7VE85 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 7VK87 devices (CPU variant CP300)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
},
{
"product": "SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions \u003c V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T11:27:16.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 6MD85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 6MD86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 6MD89 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 6MU85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7KE85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SA82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SA86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SA87 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SD82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SD86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SD87 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SJ81 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SJ82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SJ85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SJ86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SK82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SK85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SL82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SL86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SL87 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SS85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7ST85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7SX85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7UM85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7UT82 devices (CPU variant CP100)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7UT85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7UT86 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7UT87 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7VE85 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 7VK87 devices (CPU variant CP300)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
},
{
"product_name": "SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.83"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions \u003c V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions \u003c V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions \u003c V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41769",
"datePublished": "2022-01-11T11:27:16.000Z",
"dateReserved": "2021-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:29.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45033 (GCVE-0-2021-45033)
Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 04:32
VLAI
EPSS
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
Severity
No CVSS data available.
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8000 MASTER MODULE WITH I/O -40/+70°C |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8021 MASTER MODULE |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8022 MASTER MODULE WITH GPRS |
Affected:
All versions < V16.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T11:27:17.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-45033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-45033",
"datePublished": "2022-01-11T11:27:17.000Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45034 (GCVE-0-2021-45034)
Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 04:32
VLAI
EPSS
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2022/Apr/20 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/166743/Sieme… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8000 MASTER MODULE WITH I/O -40/+70°C |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8021 MASTER MODULE |
Affected:
All versions < V16.20
|
|
| Siemens | CP-8022 MASTER MODULE WITH GPRS |
Affected:
All versions < V16.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T17:06:20.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-45034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-45034",
"datePublished": "2022-01-11T11:27:17.000Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45460 (GCVE-0-2021-45460)
Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 04:39
VLAI
EPSS
Summary
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
Severity
No CVSS data available.
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SICAM PQ Analyzer |
Affected:
All versions < V3.18
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM PQ Analyzer",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428: Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T11:27:18.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-45460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM PQ Analyzer",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.18"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM PQ Analyzer (All versions \u003c V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (\"backdoors\") or cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428: Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-45460",
"datePublished": "2022-01-11T11:27:18.000Z",
"dateReserved": "2021-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:39:21.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…