Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-42029

UNKNOWN
Published 2022-04-12T09:07:30
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-42029. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens

SIMATIC STEP 7 (TIA Portal) V15

Affected Versions:

All versions
Siemens

SIMATIC STEP 7 (TIA Portal) V16

Affected Versions:

All versions < V16 Update 5
Siemens

SIMATIC STEP 7 (TIA Portal) V17

Affected Versions:

All versions < V17 Update 2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-vp88-r9qc-vwrw

Advisory Details

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-42029
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf

Advisory provided by GitHub Security Advisory Database. Published: April 13, 2022, Modified: April 20, 2022

References

https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf
Published: 2022-04-12T09:07:30
Last Modified: 2024-08-04T03:22:25.804Z
Copied to clipboard!