Vulnerability CVE-2021-27395

Vulnerability CVE-2021-27395

Published: 2021-10-12

Description:

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Type:

CWE-306

(Missing Authentication for Critical Function)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.5/10	4.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	Partial

Affected software
Siemens -> Simatic process historian 2013
Siemens -> Simatic process historian 2014
Siemens -> Simatic process historian 2019
Siemens -> Simatic process historian 2020

References:

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf

Copyright 2024, cxsecurity.com