CVE-2021-27395

Published: Oct 12, 2021Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Affected (7)

Products: Siemens: Simatic Process Historian 2013, Simatic Process Historian 2014, Simatic Process Historian 2019, Simatic Process Historian 2020

Siemens

4 products

Simatic Process Historian 2013

Simatic Process Historian 2014

Simatic Process Historian 2019

Simatic Process Historian 2020

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Process Historian 2013	All versions
Siemens Simatic Process Historian 2014	All versions
Siemens Simatic Process Historian 2014	All versions
Siemens Simatic Process Historian 2014	All versions
Siemens Simatic Process Historian 2014	All versions
Siemens Simatic Process Historian 2019	All versions
Siemens Simatic Process Historian 2020	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.