CVE-2021-41769
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.
Affected (31)
Products: Siemens: 6md85 Firmware, 6md86 Firmware, 6md89 Firmware, 6mu85 Firmware, 7ke85 Firmware, 7sa82 Firmware, 7sa86 Firmware, 7sa87 Firmware, 7sd82 Firmware, 7sd86 Firmware, 7sd87 Firmware, 7sj81 Firmware, 7sj82 Firmware, 7sj85 Firmware, 7sj86 Firmware, 7sk82 Firmware, 7sk85 Firmware, 7sl82 Firmware, 7sl86 Firmware, 7sl87 Firmware, 7ss85 Firmware, 7st85 Firmware, 7sx800 Firmware, 7sx85 Firmware, 7um85 Firmware, 7ut82 Firmware, 7ut85 Firmware, 7ut86 Firmware, 7ut87 Firmware, 7ve85 Firmware, 7vk87 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 6md85 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 6md86 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 6md89 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 6mu85 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ke85 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sa82 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sa86 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sa87 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sd82 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sd86 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sd87 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sj81 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sj82 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sj85 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sj86 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sk82 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sk85 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sl82 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sl86 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sl87 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ss85 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7st85 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sx800 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7sx85 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7um85 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ut82 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ut85 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ut86 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ut87 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7ve85 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.83 |
| Running on/with | Platform Versions |
|---|---|
Siemens 7vk87 | All versions |
References (2)
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.