Vulnerability CVE-2021-27395


Published: 2021-10-12

Description:
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Type:

CWE-306

(Missing Authentication for Critical Function)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Siemens -> Simatic process historian 2013 
Siemens -> Simatic process historian 2014 
Siemens -> Simatic process historian 2019 
Siemens -> Simatic process historian 2020 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf

Copyright 2024, cxsecurity.com

 

Back to Top