CVE-2021-27388

2021-06-1519:40:24

CWE-20

siemens

www.cve.org

sinamics

medium voltage

remote access

vulnerability

sm@rtserver

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

60.2%

JSON

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

CNA Affected

[
  {
    "product": "SINAMICS Medium Voltage Products, Remote Access",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-131-04