CVE-2021-31337

2021-06-2812:24:58

CWE-306

siemens

www.cve.org

simatic hmi comfort panels

telnet service

unauthenticated access

remote attacker

sinamics medium voltage products

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

CNA Affected

[
  {
    "product": "SINAMICS Medium Voltage Products",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-131-04