CVE-2021-41769

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:6md85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:6md86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:6md89_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:6mu85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6mu85:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:7ke85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:7sa82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:7sa86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:7sa87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:7sd82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:7sd86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:7sd87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:7sj81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj81:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:7sj82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:7sj85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:7sj86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:7sk82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:7sk85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:7sl82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:7sl86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:7sl87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:7ss85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:7st85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7st85:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:7sx800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sx800:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:7sx85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sx85:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:7um85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:7ut82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:7ut85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:siemens:7ut86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:siemens:7ut87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:siemens:7ve85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:siemens:7vk87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*

History

19 Jan 2022, 16:49

Type	Values Removed	Values Added
References	~~(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf -~~	(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CPE		cpe:2.3:o:siemens:7ut86_firmware:::::::: cpe:2.3:h:siemens:6md89:-:::::::* cpe:2.3:h:siemens:6md85:-:::::::* cpe:2.3:o:siemens:7sj85_firmware:::::::: cpe:2.3:o:siemens:7sl87_firmware:::::::: cpe:2.3:h:siemens:7sl86:-:::::::* cpe:2.3:h:siemens:6md86:-:::::::* cpe:2.3:o:siemens:7sj82_firmware:::::::: cpe:2.3:o:siemens:7sx85_firmware:::::::: cpe:2.3:o:siemens:7sd82_firmware:::::::: cpe:2.3:h:siemens:7sx85:-:::::::* cpe:2.3:o:siemens:7sx800_firmware:::::::: cpe:2.3:h:siemens:7ke85:-:::::::* cpe:2.3:h:siemens:7vk87:-:::::::* cpe:2.3:o:siemens:7sl82_firmware:::::::: cpe:2.3:o:siemens:7sk85_firmware:::::::: cpe:2.3:o:siemens:6md89_firmware:::::::: cpe:2.3:h:siemens:7sj86:-:::::::* cpe:2.3:h:siemens:7ut85:-:::::::* cpe:2.3:o:siemens:7ke85_firmware:::::::: cpe:2.3:o:siemens:6mu85_firmware:::::::: cpe:2.3:h:siemens:7sa86:-:::::::* cpe:2.3:o:siemens:7st85_firmware:::::::: cpe:2.3:o:siemens:7sd86_firmware:::::::: cpe:2.3:h:siemens:7sl82:-:::::::* cpe:2.3:o:siemens:7sd87_firmware:::::::: cpe:2.3:o:siemens:7sk82_firmware:::::::: cpe:2.3:o:siemens:7sj86_firmware:::::::: cpe:2.3:o:siemens:7ve85_firmware:::::::: cpe:2.3:o:siemens:7ut82_firmware:::::::: cpe:2.3:o:siemens:7ut87_firmware:::::::: cpe:2.3:o:siemens:7sj81_firmware:::::::: cpe:2.3:h:siemens:7um85:-:::::::* cpe:2.3:h:siemens:7sj85:-:::::::* cpe:2.3:o:siemens:7vk87_firmware:::::::: cpe:2.3:h:siemens:7sx800:-:::::::* cpe:2.3:h:siemens:7ut82:-:::::::* cpe:2.3:h:siemens:7ve85:-:::::::* cpe:2.3:o:siemens:7sa87_firmware:::::::: cpe:2.3:o:siemens:7ut85_firmware:::::::: cpe:2.3:o:siemens:6md86_firmware:::::::: cpe:2.3:h:siemens:7ut86:-:::::::* cpe:2.3:h:siemens:7sk82:-:::::::* cpe:2.3:h:siemens:7sl87:-:::::::* cpe:2.3:h:siemens:7sa87:-:::::::* cpe:2.3:h:siemens:7sk85:-:::::::* cpe:2.3:h:siemens:7sd82:-:::::::* cpe:2.3:h:siemens:7sj82:-:::::::* cpe:2.3:h:siemens:7st85:-:::::::* cpe:2.3:o:siemens:7um85_firmware:::::::: cpe:2.3:o:siemens:7ss85_firmware:::::::: cpe:2.3:h:siemens:6mu85:-:::::::* cpe:2.3:h:siemens:7ss85:-:::::::* cpe:2.3:h:siemens:7sd87:-:::::::* cpe:2.3:o:siemens:7sa86_firmware:::::::: cpe:2.3:h:siemens:7sa82:-:::::::* cpe:2.3:h:siemens:7sd86:-:::::::* cpe:2.3:h:siemens:7sj81:-:::::::* cpe:2.3:h:siemens:7ut87:-:::::::* cpe:2.3:o:siemens:6md85_firmware:::::::: cpe:2.3:o:siemens:7sl86_firmware:::::::: cpe:2.3:o:siemens:7sa82_firmware::::::::
First Time		Siemens 7sj82 Firmware Siemens 7sa87 Siemens Siemens 7sd86 Firmware Siemens 7ut85 Firmware Siemens 7st85 Siemens 7sa87 Firmware Siemens 7sj85 Firmware Siemens 7vk87 Siemens 7ut85 Siemens 7sa86 Firmware Siemens 7ve85 Firmware Siemens 7sj82 Siemens 7sj86 Firmware Siemens 7sa86 Siemens 7ut87 Firmware Siemens 7sd82 Firmware Siemens 6md85 Siemens 7sx800 Firmware Siemens 7sl87 Firmware Siemens 6md85 Firmware Siemens 7sk82 Siemens 7sd87 Siemens 7ve85 Siemens 7ke85 Firmware Siemens 7sl87 Siemens 7sl86 Siemens 7ss85 Firmware Siemens 7sx800 Siemens 7sd86 Siemens 7sj85 Siemens 7sj86 Siemens 7ut86 Firmware Siemens 7ut86 Siemens 7sl86 Firmware Siemens 7sd87 Firmware Siemens 6md86 Siemens 7sl82 Firmware Siemens 7ke85 Siemens 7sk82 Firmware Siemens 7sk85 Siemens 7ut87 Siemens 7sj81 Siemens 7sx85 Siemens 6md89 Siemens 7sa82 Siemens 6mu85 Siemens 7sj81 Firmware Siemens 7vk87 Firmware Siemens 7um85 Siemens 7sd82 Siemens 6md86 Firmware Siemens 7ut82 Firmware Siemens 7ut82 Siemens 6md89 Firmware Siemens 7st85 Firmware Siemens 7sx85 Firmware Siemens 6mu85 Firmware Siemens 7ss85 Siemens 7sl82 Siemens 7sk85 Firmware Siemens 7sa82 Firmware Siemens 7um85 Firmware
CWE		CWE-20

11 Jan 2022, 12:45

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-11 12:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-41769

Mitre link : CVE-2021-41769

CVE.ORG link : CVE-2021-41769

JSON object : View

Products Affected

siemens

7ut82
7ut86
7sa82_firmware
7sl87_firmware
7sd86
7ve85
7st85
7ut87_firmware
7sl87
7um85_firmware
7ut85_firmware
7sx800_firmware
7sj85_firmware
7sj86
7sd87_firmware
7vk87
7um85
7sx85_firmware
7sj85
6md86_firmware
7sd82_firmware
7ke85_firmware
7sk85
7sx800
7sk82
6md89
7st85_firmware
7sk85_firmware
7sl82
7sd82
6md86
7sd87
7ut82_firmware
7ve85_firmware
6md85
7ke85
7vk87_firmware
7ss85
7sa87_firmware
7ut85
7sd86_firmware
7sa87
6mu85_firmware
7sk82_firmware
7ss85_firmware
7sl82_firmware
7sl86_firmware
7sj82_firmware
7ut86_firmware
7ut87
7sa86
7sj81_firmware
7sj86_firmware
6md85_firmware
7sa86_firmware
6md89_firmware
7sj82
6mu85
7sx85
7sa82
7sl86
7sj81

CWE

CWE-20

Improper Input Validation

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-41769

7.5^/10

5.0^/10

Attach tags to `CVE-2021-41769`