CVE-2021-41769 - Vulnerability Details

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00474.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	6md85 6md85 Firmware 6md86 6md86 Firmware 6md89 6md89 Firmware 6mu85 6mu85 Firmware 7ke85 7ke85 Firmware 7sa82 7sa82 Firmware 7sa86 7sa86 Firmware 7sa87 7sa87 Firmware 7sd82 7sd82 Firmware 7sd86 7sd86 Firmware 7sd87 7sd87 Firmware 7sj81 7sj81 Firmware 7sj82 7sj82 Firmware 7sj85 7sj85 Firmware 7sj86 7sj86 Firmware 7sk82 7sk82 Firmware 7sk85 7sk85 Firmware 7sl82 7sl82 Firmware 7sl86 7sl86 Firmware 7sl87 7sl87 Firmware 7ss85 7ss85 Firmware 7st85 7st85 Firmware 7sx800 7sx800 Firmware 7sx85 7sx85 Firmware 7um85 7um85 Firmware 7ut82 7ut82 Firmware 7ut85 7ut85 Firmware 7ut86 7ut86 Firmware 7ut87 7ut87 Firmware 7ve85 7ve85 Firmware 7vk87 7vk87 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:6md85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:6md86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:6md89_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6mu85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6mu85:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:7ke85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:7sa82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:7sa86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:7sa87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:7sd82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:7sd86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:7sd87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:7sj81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj81:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:7sj82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:7sj85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:7sj86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:7sk82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:7sk85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:7sl82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:7sl86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:7sl87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:7ss85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:7st85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7st85:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:7sx800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sx800:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:7sx85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sx85:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:7um85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:7ut82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:7ut85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:7ut86_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:siemens:7ut87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:siemens:7ve85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:siemens:7vk87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-28777	A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-01-11T11:27:16

Updated: 2024-08-04T03:15:29.228Z

Reserved: 2021-09-28T00:00:00

Link: CVE-2021-41769

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-11T12:15:10.037

Modified: 2024-11-21T06:26:43.700

Link: CVE-2021-41769

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object