China National Vulnerability DatabaseCNVD-2021-61122Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 incorrect authorization vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
35.7%
Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are both products of Siemens, a German company.SIMATIC S7-1500 CPU is a CPU (central processing unit) module.SIMATIC S7-1500 is a programmable logic controller.Siemens A security vulnerability exists in the SIMATIC S7-1500 CPU and SIMATIC S7-1500. The vulnerability stems from incorrect authorization checks in the affected components and can be exploited by an attacker to extract information from the affected device regarding access to protected PLC program variables via port 102/tcp when reading multiple attributes at once.
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
35.7%