{"containers": {"cna": {"affected": [{"product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V16 Update 5"}]}, {"product": "SIMATIC STEP 7 (TIA Portal) V17", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V17 Update 2"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-12T09:07:30.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-42029", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": {"version_data": [{"version_value": "All versions < V16 Update 5"}]}}, {"product_name": "SIMATIC STEP 7 (TIA Portal) V17", "version": {"version_data": [{"version_value": "All versions < V17 Update 2"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:25.804Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-42029", "datePublished": "2022-04-12T09:07:30.000Z", "dateReserved": "2021-10-06T00:00:00.000Z", "dateUpdated": "2024-08-04T03:22:25.804Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBCA2BFB-EEEB-4722-AC33-CBBFE92289BC", "versionEndExcluding": "16", "versionStartIncluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", "matchCriteriaId": "66CB66B9-176E-4FA3-BC67-E7C5972A307C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*", "matchCriteriaId": "EF2D6947-576B-4CA7-B4E4-F0B428FA5ABB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update2:*:*:*:*:*:*", "matchCriteriaId": "70AA41B2-8C18-4436-8C77-E6391EB0D8C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update3:*:*:*:*:*:*", "matchCriteriaId": "0AF2FE58-C7FC-4FD6-8026-E23AEAAA29CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update4:*:*:*:*:*:*", "matchCriteriaId": "C22708F4-5386-4C7A-B11A-677B8DDC36A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:17:-:*:*:*:*:*:*", "matchCriteriaId": "211B89EA-80D2-441D-8CD6-693CCB1407F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:17:update1:*:*:*:*:*:*", "matchCriteriaId": "7B23F0A5-8F54-407F-9DE1-30B10BAC6D85", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2B63726-10CE-46AB-ADBA-A511E770E162", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*", "matchCriteriaId": "3871C0C9-C65E-4E0B-9CA8-75E60066297F", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*", "matchCriteriaId": "07849777-92E7-41D2-9128-F8D20DE15391", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*", "matchCriteriaId": "68B3573B-A31E-4489-B2DD-B01B5C1D03CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*", "matchCriteriaId": "B640800C-9263-4BEA-9DA5-1323932540BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE17584A-BF7A-48B8-A9CB-477663766C63", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDE46D66-A6B6-4554-8642-7F3E7E3AA22D", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*", "matchCriteriaId": "76C7D55C-8D99-4E2F-A254-1BDE2B12A203", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC4698CF-F935-4707-BA91-7E3650C7956C", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*", "matchCriteriaId": "4866FF7B-B34A-4828-94A8-BD0A0B6F4C88", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*", "matchCriteriaId": "232279DE-CF1C-4A3C-886D-B4CE3F104F09", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "01048F7F-9C5B-47C0-AE16-321FCA670F3D", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s:-:*:*:*:*:*:*:*", "matchCriteriaId": "39C1392C-38E2-4AF9-AF17-91B93BC6B9B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s_f:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1ED29DF-8AC0-4BB6-ACE2-EBC0A2B87F96", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s:-:*:*:*:*:*:*:*", "matchCriteriaId": "46CBD063-6CF0-45E6-A9D1-C7F8709806AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s_f:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2079B95-E885-4490-BCEA-62BBEAF9CB51", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D7ECCF7-E3EE-46A0-BC03-51AAEBCD03EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "38232B80-9EDE-4BE4-BD4C-0E84B18EC39A", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8B9B76B-D790-44B9-AC2A-7E0719C4D56C", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "F62F4050-F6C9-4C8F-8E09-F0AEEDB6B1FC", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*", "matchCriteriaId": "822894D4-96D5-4BDC-A698-D31262BCF422", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F580D0D-F406-4586-9C54-EF44703FDA30", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6B51EFC-2168-4B28-9527-A8DC62781709", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A3E8A67-2A29-4DE9-AF1B-D74A42D55D1E", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBA72709-BC38-425F-8EBD-FE16C5A86140", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E76D7BD-0529-4A51-9866-8AF5241A5184", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2E24A4C-AC13-4382-BDF6-E13878FED4DC", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7933577-8564-4DE4-AAED-62F87E3C3353", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E822C9-6983-4CC6-BC51-822563DF7BCE", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "77BD8110-76B4-4D5C-BFF7-E5F1D0EA9CD6", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E7889F5-D499-41A6-B1BB-264F988884D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6663D66-5127-4F5D-B39D-50D3F88F4435", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2962FF0-D865-4D15-B1A7-EFC0501972A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "69DE61DE-5B71-4F35-AC4F-C6EC24A7DDAA", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E2F34DF-3A55-49A4-9A9C-80C99B367079", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB7605AF-2B00-49DD-BC32-37E6CF9ED625", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABE9C79B-52A3-45F4-9DA5-6D61A6BF7753", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21A4E04A-EB99-4AB2-9B30-C70DB11A6C8D", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDE82551-008D-4B75-BDB5-3DD30ADD1863", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA0AEBFA-682F-4F5D-8FAA-D517AE3B3D0C", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7BC3993-1CB0-4C1D-BC04-ED69BA814B24", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515tf-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "89839624-6FA1-4377-A3B4-9CB704555E2B", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6D611B2-4D81-4838-B612-8D17196A5B78", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5FD1F20-E507-4422-814D-19614CDB49B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "439E1B3E-7174-4BAC-A11A-F4F37ABB7291", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5C12961-CCF4-4248-9E43-8866671A257A", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "44C84DC4-1E8C-431B-AF23-AA86CE316928", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "5787D689-D80C-47BC-A0C2-E45E0FAD49D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD3A239E-41CB-4222-8146-745B15C206C3", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:*", "matchCriteriaId": "298EF297-949E-45E9-9A57-8D07986DED10", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "27653C38-64A3-4DE2-8B65-BBC356A396AE", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A66C6524-9076-4C4E-B518-586BB1FF7107", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C03BFBC2-E30D-4DAF-BDE0-06F97D1A0E92", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABE53C35-490A-498B-8CAB-B874C0E17AF1", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C44E126-E4D9-44D8-B8B9-10F060D63A2B", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "984F6E53-482D-4282-BBAA-87B0375310FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F4C4030-4BFE-4EA0-9967-F77EEB5113E0", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB2327DF-ADA4-453E-A35E-E986D822F1E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517tf-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1BD045A-0DC6-4D6F-A596-B24ECA84936B", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE0BA68C-EB57-49CE-94A8-E7905AB79824", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "836BC49A-F358-410D-A5CC-D62DAC7D624F", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "6772D5F3-35EE-4C94-B6D5-31500F440CCF", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4245AED2-3F58-40D0-BF8A-8E930E1730B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "40F38253-92F5-4A3A-AA07-292F7542D8A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BC4FA01-8DDB-41E4-B759-7B504F78AEBC", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F37885E-AC96-4043-892F-55AEFAFA675D", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB469732-E3C2-45BC-8F65-C1B6A676A974", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "914D507E-5C6E-4BA7-B5EA-549A01E0C34D", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EF0A62F-8EC0-4EB8-821A-14B17D87DD8A", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "223AA9C0-89FA-459D-949F-FB9D3551C06F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Portal) versi\u00f3n V15 (Todas las versiones), SIMATIC STEP 7 (TIA Portal) versi\u00f3n V16 (todas las versiones anteriores a versi\u00f3n V16 Update 5), SIMATIC STEP 7 (TIA Portal) versi\u00f3n V17 (todas las versiones anteriores a versi\u00f3n V17 Update 2). Un atacante podr\u00eda lograr una escalada de privilegios en el servidor web de determinados dispositivos debido a una vulnerabilidad de control de acceso inapropiada en el software del sistema de ingenier\u00eda. El atacante necesita tener acceso directo al servidor web afectado"}], "id": "CVE-2021-42029", "lastModified": "2024-11-21T06:27:06.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T09:15:13.817", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}