CVE-2021-37206

Published: Sep 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Affected (3)

Products: Siemens: Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300

Siemens

3 products

Siprotec 5 With Cpu Variant Cp050

Siprotec 5 With Cpu Variant Cp100

Siprotec 5 With Cpu Variant Cp300

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Siprotec 5 With Cpu Variant Cp050	Before 8.80
Siemens Siprotec 5 With Cpu Variant Cp100	Before 8.80
Siemens Siprotec 5 With Cpu Variant Cp300	Before 8.80

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.