CVE-2021-41543

2022-03-0811:31:12

CWE-284

siemens

www.cve.org

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.

CNA Affected

[
  {
    "product": "Climatix POL909 (AWB module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.44"
      }
    ]
  },
  {
    "product": "Climatix POL909 (AWM module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.36"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf