FKIE_CVE-2021-40363
Vulnerability from fkie_nvd - Published: 2022-02-09 16:15 - Updated: 2024-11-21 06:23
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.
References
| Source | URL | Tags |
|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B62697B-2F75-44EA-A1F8-14BF9D1F99CC",
"versionEndIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0D25510C-F677-4A98-806C-FF644F11EEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F39B396-140B-4005-9A61-F984C9FAF742",
"versionEndExcluding": "7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*",
"matchCriteriaId": "BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*",
"matchCriteriaId": "88F6B3BF-727F-432E-89D8-37FB7C76FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*",
"matchCriteriaId": "62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*",
"matchCriteriaId": "AF3F613C-6707-4517-B4B8-530C912B79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*",
"matchCriteriaId": "590F62CE-9245-4AC9-9FBC-35136E217B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update14:*:*:*:*:*:*",
"matchCriteriaId": "3C5F5AD3-878D-42B0-B30E-8B0B6174486B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update15:*:*:*:*:*:*",
"matchCriteriaId": "57F59EE1-46FC-4B94-AB30-F1D3235C5A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update16:*:*:*:*:*:*",
"matchCriteriaId": "BA774F51-885C-4579-982E-431A8AB027B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update17:*:*:*:*:*:*",
"matchCriteriaId": "110DF98C-BE75-43B6-B63D-1D7D99AFFA73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update18:*:*:*:*:*:*",
"matchCriteriaId": "11F812DE-BF33-4CB0-8E21-81682E3B88CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*",
"matchCriteriaId": "241D5A28-FB22-4C5B-A067-733168E847BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*",
"matchCriteriaId": "A5418F92-84A9-439C-B86C-ED5820697603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*",
"matchCriteriaId": "40631FBD-116B-4589-B77A-6C5A69990F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*",
"matchCriteriaId": "64B14972-6163-4D44-A9C6-16328E02AC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*",
"matchCriteriaId": "8929E926-740F-4F17-B52C-4C73914B1818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*",
"matchCriteriaId": "D4F72666-D10A-4EB2-80D3-18B04C101256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*",
"matchCriteriaId": "0E343221-1E1A-4EE7-80AE-AB24E2244BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*",
"matchCriteriaId": "1BF716D7-0A77-400F-9B43-64FBE3E65735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "D0A0534C-8EDE-46FF-82A0-812CF069ABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "81F9C13C-065C-4E40-BB46-687D791348A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*",
"matchCriteriaId": "5CF06E69-0A23-418D-B0EC-574DACBB4DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*",
"matchCriteriaId": "9164EAC1-C416-4F1F-A910-CE84A167A6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3422B714-DB0F-4EE3-A7D4-9A0165214563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update1:*:*:*:*:*:*",
"matchCriteriaId": "70B79B00-F61D-4F10-AD7B-74718F061D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update2:*:*:*:*:*:*",
"matchCriteriaId": "A8766442-CC8D-4221-89B8-F75D195F71E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update3:*:*:*:*:*:*",
"matchCriteriaId": "26C08FB9-AFEB-4A53-AAB3-37C9717B30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update4:*:*:*:*:*:*",
"matchCriteriaId": "68896900-7FCC-4BFB-B787-8992B459F00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update5:*:*:*:*:*:*",
"matchCriteriaId": "1059B529-02F0-4C85-A35E-2282546FA990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*",
"matchCriteriaId": "0D9FE447-2090-47D2-8667-5DC7605089BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BB4FFADC-51F0-439F-9F80-D2B2614FFC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4C117FFB-A3FF-4E82-9CE9-B2DFFAF7D799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5A7162-F1B5-4E74-99D6-4108AC4C49FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15:*:*:*:*:*:*:*",
"matchCriteriaId": "A961C560-0288-4BC7-B3EB-11610765A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
"matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
"matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
"matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
"matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_5:*:*:*:*:*:*",
"matchCriteriaId": "E4D610DA-D1EF-487E-94CB-FC6E6BE4BE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_6:*:*:*:*:*:*",
"matchCriteriaId": "6BB49DC6-B8AB-4320-B5CB-8EB803D41194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*",
"matchCriteriaId": "A4316924-9EF8-4835-A2E4-0C81F4DE473D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update1:*:*:*:*:*:*",
"matchCriteriaId": "A1011EBE-A08D-4066-A2B8-45736AE6999B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update2:*:*:*:*:*:*",
"matchCriteriaId": "37284D6C-ADB9-43A9-817D-7879FDF8BF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update3:*:*:*:*:*:*",
"matchCriteriaId": "1DAD73CB-A027-4CEA-A439-A271717BBEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update4:*:*:*:*:*:*",
"matchCriteriaId": "150B957C-545F-4BD8-8AB9-E64ACC59C865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:17:-:*:*:*:*:*:*",
"matchCriteriaId": "C665E91E-DC56-41E0-99B4-ACFAA70B3103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:17:update1:*:*:*:*:*:*",
"matchCriteriaId": "BB46C8BD-942A-45DC-AA8A-C0D9418CA302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions \u003c V15 SP1 Update 7), SIMATIC WinCC V16 (All versions \u003c V16 Update 5), SIMATIC WinCC V17 (All versions \u003c V17 Update 2), SIMATIC WinCC V17 (All versions \u003c= V17 Update 4), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones), SIMATIC PCS 7 V9.1 (Todas las versiones anteriores a V9. 1 SP1), SIMATIC WinCC V15 y anteriores (Todas las versiones anteriores a V15 SP1 Update 7), SIMATIC WinCC V16 (Todas las versiones anteriores a V16 Update 5), SIMATIC WinCC V17 (Todas las versiones anteriores a V17 Update 2), SIMATIC WinCC V17 (Todas las versiones anteriores a= V17 Update 4), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP2 Update 6). El componente afectado almacena las credenciales de una cuenta del sistema local en un archivo de proyecto potencialmente accesible al p\u00fablico utilizando un algoritmo de cifrado obsoleto. Un atacante puede usar esto para forzar las credenciales y tomar el control del sistema"
}
],
"id": "CVE-2021-40363",
"lastModified": "2024-11-21T06:23:57.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T16:15:13.877",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-538"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.