Lucene search

[email protected]CVE-2021-41769

HistoryJan 11, 2022 - 12:15 p.m.

CVE-2021-41769

2022-01-1112:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-41769

vulnerability

siprotec devices

improper input validation

web server

nvd

security

information security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

Affected configurations

NVD

Node

siemens6md85_firmwareRange<8.83

AND

siemens6md85Match-

Node

siemens6md86_firmwareRange<8.83

AND

siemens6md86Match-

Node

siemens6md89_firmwareRange<8.83

AND

siemens6md89Match-

Node

siemens6mu85_firmwareRange<8.83

AND

siemens6mu85Match-

Node

siemens7ke85_firmwareRange<8.83

AND

siemens7ke85Match-

Node

siemens7sa82_firmwareRange<8.83

AND

siemens7sa82Match-

Node

siemens7sa86_firmwareRange<8.83

AND

siemens7sa86Match-

Node

siemens7sa87_firmwareRange<8.83

AND

siemens7sa87Match-

Node

siemens7sd82_firmwareRange<8.83

AND

siemens7sd82Match-

Node

siemens7sd86_firmwareRange<8.83

AND

siemens7sd86Match-

Node

siemens7sd87_firmwareRange<8.83

AND

siemens7sd87Match-

Node

siemens7sj81_firmwareRange<8.83

AND

siemens7sj81Match-

Node

siemens7sj82_firmwareRange<8.83

AND

siemens7sj82Match-

Node

siemens7sj85_firmwareRange<8.83

AND

siemens7sj85Match-

Node

siemens7sj86_firmwareRange<8.83

AND

siemens7sj86Match-

Node

siemens7sk82_firmwareRange<8.83

AND

siemens7sk82Match-

Node

siemens7sk85_firmwareRange<8.83

AND

siemens7sk85Match-

Node

siemens7sl82_firmwareRange<8.83

AND

siemens7sl82Match-

Node

siemens7sl86_firmwareRange<8.83

AND

siemens7sl86Match-

Node

siemens7sl87_firmwareRange<8.83

AND

siemens7sl87Match-

Node

siemens7ss85_firmwareRange<8.83

AND

siemens7ss85Match-

Node

siemens7st85_firmwareRange<8.83

AND

siemens7st85Match-

Node

siemens7sx800_firmwareRange<8.83

AND

siemens7sx800Match-

Node

siemens7sx85_firmwareRange<8.83

AND

siemens7sx85Match-

Node

siemens7um85_firmwareRange<8.83

AND

siemens7um85Match-

Node

siemens7ut82_firmwareRange<8.83

AND

siemens7ut82Match-

Node

siemens7ut85_firmwareRange<8.83

AND

siemens7ut85Match-

Node

siemens7ut86_firmwareRange<8.83

AND

siemens7ut86Match-

Node

siemens7ut87_firmwareRange<8.83

AND

siemens7ut87Match-

Node

siemens7ve85_firmwareRange<8.83

AND

siemens7ve85Match-

Node

siemens7vk87_firmwareRange<8.83

AND

siemens7vk87Match-

CPENameOperatorVersion
siemens:6md85_firmwaresiemens 6md85 firmwarelt8.83

CPE	Name	Operator	Version
siemens:6md85_firmware	siemens 6md85 firmware	lt	8.83

CNA Affected

[
  {
    "product": "SIPROTEC 5 6MD85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 6MD86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 6MD89 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 6MU85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7KE85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SA82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SA86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SA87 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SD82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SD86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SD87 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SJ81 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SJ82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SJ85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SJ86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SK82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SK85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SL82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SL86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SL87 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SS85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7ST85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7SX85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7UM85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7UT82 devices (CPU variant CP100)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7UT85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7UT86 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7UT87 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7VE85 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 7VK87 devices (CPU variant CP300)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.83"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for CVE-2021-41769

prion1 cvelist1 cnvd1 ics1 nvd1 nessus1