Lucene search

[email protected]NVD:CVE-2021-44222

HistoryJul 12, 2022 - 10:15 a.m.

CVE-2021-44222

2022-07-1210:15:10

CWE-306

[email protected]

web.nvd.nist.gov

cve-2021-44222

authentication bypass

mqtt service

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

62.0%

JSON

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

Affected configurations

Nvd

Node

siemenssimatic_easie_core_packageRange<22.00

VendorProductVersionCPE
siemenssimatic_easie_core_package*cpe:2.3:a:siemens:simatic_easie_core_package:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_easie_core_package	*	cpe:2.3:a:siemens:simatic_easie_core_package::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

62.0%

JSON

Related for NVD:CVE-2021-44222

cvelist1 prion1 cve1 ics1