CVE-2021-33719

Published: Sep 14, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

Affected (3)

Products: Siemens: Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300

Siemens

3 products

Siprotec 5 With Cpu Variant Cp050

Siprotec 5 With Cpu Variant Cp100

Siprotec 5 With Cpu Variant Cp300

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Siprotec 5 With Cpu Variant Cp050	Before 8.80
Siemens Siprotec 5 With Cpu Variant Cp100	Before 8.80
Siemens Siprotec 5 With Cpu Variant Cp300	Before 8.80

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.