CVE-2021-31894 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-31894 PUBLISHED CVSS 7.199999809265137 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

EPSS 0.03% · 8.1th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.03%

8.1th percentile

Affected Products

Vendor	Product	Versions
siemens	simatic_pdm_firmware
Siemens	SINAMICS STARTER (containing STEP 7 OEM version)	All versions < V5.4 SP2 HF1
Siemens	SIMATIC STEP 7 V5.X	All versions < V5.7
Siemens	SIMATIC PCS 7 V8.2 and earlier	All versions
siemens	simatic_step_7_firmware	5.0
Siemens	SIMATIC PCS 7 V9.X	All versions < V9.1 SP2
Siemens	SIMATIC PDM	All versions < V9.2 SP2
siemens	sinamics_starter_firmware	5.4, 5.4, 5.4
siemens	simatic_pcs_7_firmware	9.0, 0

Timeline

Apr 13, 2021 CVE Published
Jul 14, 2021 EPSS Score
Sep 11, 2021 EPSS Score
Nov 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 7, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 5, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Dec 29, 2022 EPSS Score

References

Open in Interactive Console →