All the vulnerabilites related to Siemens - SIPROTEC 5 relays with CPU variants CP050
cve-2021-33719
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33719",
"datePublished": "2021-09-14T10:47:35",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33720
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:22",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33720",
"datePublished": "2021-09-14T10:47:36",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37206
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:38",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37206",
"datePublished": "2021-09-14T10:47:57",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}