CVE-2021-31893 PUBLISHED CVSS 7.8 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.16% (37.0th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| siemens | simatic_step_7_firmware | 0 |
| siemens | simatic_pdm_firmware | 0 |
| Siemens | SIMATIC PDM | All versions < V9.2 |
| siemens | sinamics_starter_firmware | 5.4, 0, 5.4 |
| siemens | simatic_pcs_firmware | 9.0, 0, 9.0 |
| Siemens | SIMATIC PCS 7 V9.0 | All versions < V9.0 SP3 |
| Siemens | SINAMICS STARTER (containing STEP 7 OEM version) | All versions < V5.4 HF2 |
| Siemens | SIMATIC PCS 7 V8.2 and earlier | All versions |
| Siemens | SIMATIC STEP 7 V5.X | All versions < V5.6 SP2 HF3 |
