All the vulnerabilites related to Siemens - SIMATIC PCS 7 V8.2 and earlier
cve-2021-31894
Vulnerability from cvelistv5
Published
2021-07-13 11:02
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.2 and earlier",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V9.X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.1 SP2"
}
]
},
{
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.2 SP2"
}
]
},
{
"product": "SIMATIC STEP 7 V5.X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.7"
}
]
},
{
"product": "SINAMICS STARTER (containing STEP 7 OEM version)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4 SP2 HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions \u003c V9.1 SP2), SIMATIC PDM (All versions \u003c V9.2 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 SP2 HF1). A directory containing metafiles relevant to devices\u0027 configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:17:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.1 SP2"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.2 SP2"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.7"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4 SP2 HF1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions \u003c V9.1 SP2), SIMATIC PDM (All versions \u003c V9.2 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 SP2 HF1). A directory containing metafiles relevant to devices\u0027 configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31894",
"datePublished": "2021-07-13T11:02:58",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7586
Vulnerability from cvelistv5
Published
2020-06-10 16:23
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf | x_refsource_MISC | |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-05 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.2 and earlier",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP3"
}
]
},
{
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.2"
}
]
},
{
"product": "SIMATIC STEP 7 V5.X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.6 SP2 HF3"
}
]
},
{
"product": "SINAMICS STARTER (containing STEP 7 OEM version)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4 HF2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-7586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP3"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.2"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.6 SP2 HF3"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4 HF2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-7586",
"datePublished": "2020-06-10T16:23:52",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7585
Vulnerability from cvelistv5
Published
2020-06-10 16:23
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf | x_refsource_MISC | |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-05 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.2 and earlier",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP3"
}
]
},
{
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.2"
}
]
},
{
"product": "SIMATIC STEP 7 V5.X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.6 SP2 HF3"
}
]
},
{
"product": "SINAMICS STARTER (containing STEP 7 OEM version)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4 HF2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-7585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP3"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.2"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.6 SP2 HF3"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4 HF2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-7585",
"datePublished": "2020-06-10T16:23:39",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31893
Vulnerability from cvelistv5
Published
2021-07-13 11:02
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.2 and earlier",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP3"
}
]
},
{
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.2"
}
]
},
{
"product": "SIMATIC STEP 7 V5.X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.6 SP2 HF3"
}
]
},
{
"product": "SINAMICS STARTER (containing STEP 7 OEM version)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4 HF2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:02:56",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP3"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.2"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.6 SP2 HF3"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4 HF2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC PDM (All versions \u003c V9.2), SIMATIC STEP 7 V5.X (All versions \u003c V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions \u003c V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31893",
"datePublished": "2021-07-13T11:02:56",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}