CVE-2021-37172

CVE-2021-37172 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.

EPSS 0.19% · 40.1th percentile

Risk Scores

CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.19% (40.1th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | V4.5.0 |
| siemens | simatic_s7-1200_cpu_firmware | 4.5.0 |
| siemens | simatic_step_7_(tia_portal) | 0 |

Timeline

  • Apr 13, 2021 CVE Published
  • Aug 11, 2021 EPSS Score
  • Oct 9, 2021 EPSS Score
  • Dec 6, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 2, 2022 EPSS Score
  • May 31, 2022 EPSS Score
  • Jul 30, 2022 EPSS Score
  • Sep 26, 2022 EPSS Score
  • Nov 24, 2022 EPSS Score