All the vulnerabilites related to siemens - siprotec_5_with_cpu_variant_cp050
cve-2021-33719
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33719",
"datePublished": "2021-09-14T10:47:35",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33720
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:22",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33720",
"datePublished": "2021-09-14T10:47:36",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37206
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIPROTEC 5 relays with CPU variants CP050 |
Version: All versions < V8.80 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 relays with CPU variants CP050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP300",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:38",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37206",
"datePublished": "2021-09-14T10:47:57",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | siprotec_5_with_cpu_variant_cp050 | * | |
| siemens | siprotec_5_with_cpu_variant_cp100 | * | |
| siemens | siprotec_5_with_cpu_variant_cp300 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755644C-32A9-468D-A7AD-D12B8C1924D9",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B5603D-CA86-440D-9CBE-A6F50AA1ADE1",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23382FCC-10D8-4DEC-A6B1-9B39D8988299",
"versionEndExcluding": "8.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los rel\u00e9s SIPROTEC 5 con variantes de CPUCP050 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPUCP100 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPUCP300 (Todas las versiones anteriores a V8.80). Los paquetes web recibidos no se procesan correctamente. Un atacante remoto no autenticado con acceso a cualquiera de las interfaces Ethernet podr\u00eda enviar paquetes especialmente dise\u00f1ados para forzar el reinicio del dispositivo de destino"
}
],
"id": "CVE-2021-37206",
"lastModified": "2024-11-21T06:14:51.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:26.547",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:09
Severity ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | siprotec_5_with_cpu_variant_cp050 | * | |
| siemens | siprotec_5_with_cpu_variant_cp100 | * | |
| siemens | siprotec_5_with_cpu_variant_cp300 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755644C-32A9-468D-A7AD-D12B8C1924D9",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B5603D-CA86-440D-9CBE-A6F50AA1ADE1",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23382FCC-10D8-4DEC-A6B1-9B39D8988299",
"versionEndExcluding": "8.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los rel\u00e9s SIPROTEC 5 con variantes de CPU CP050 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPU CP100 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPU CP300 (Todas las versiones anteriores a V8.80). Los paquetes especialmente dise\u00f1ados enviados al puerto 4443/tcp podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio o una potencial ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-33719",
"lastModified": "2024-11-21T06:09:26.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:24.447",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:09
Severity ?
Summary
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | siprotec_5_with_cpu_variant_cp050 | * | |
| siemens | siprotec_5_with_cpu_variant_cp100 | * | |
| siemens | siprotec_5_with_cpu_variant_cp300 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755644C-32A9-468D-A7AD-D12B8C1924D9",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B5603D-CA86-440D-9CBE-A6F50AA1ADE1",
"versionEndExcluding": "8.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23382FCC-10D8-4DEC-A6B1-9B39D8988299",
"versionEndExcluding": "8.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions \u003c V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions \u003c V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los rel\u00e9s SIPROTEC 5 con variantes de CPU CP050 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPU CP100 (Todas las versiones anteriores a V8.80), rel\u00e9s SIPROTEC 5 con variantes de CPU CP300 (Todas las versiones anteriores a V8.80). Los paquetes especialmente dise\u00f1ados enviados al puerto 4443/tcp podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-33720",
"lastModified": "2024-11-21T06:09:26.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:24.540",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}