Design/Logic Flaw

2021-07-1311:15:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices’ configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

CPENameOperatorVersion
simatic_pcs_7_firmwarele8.2
simatic_pcs_7_firmwareeq9.0
simatic_step_7_firmwarege5.0
simatic_step_7_firmwarelt5.7
sinamics_starter_firmwarelt5.4
sinamics_starter_firmwareeq5.4
sinamics_starter_firmwareeq5.4 hf2
sinamics_starter_firmwareeq5.4 hf1
sinamics_starter_firmwareeq5.4 sp1
sinamics_starter_firmwareeq5.4 sp1-hf1

Name	Operator	Version
simatic_pcs_7_firmware	le	8.2
simatic_pcs_7_firmware	eq	9.0
simatic_step_7_firmware	ge	5.0
simatic_step_7_firmware	lt	5.7
sinamics_starter_firmware	lt	5.4
sinamics_starter_firmware	eq	5.4
sinamics_starter_firmware	eq	5.4 hf2
sinamics_starter_firmware	eq	5.4 hf1
sinamics_starter_firmware	eq	5.4 sp1
sinamics_starter_firmware	eq	5.4 sp1-hf1