CVE-2021-41769 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-41769 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

EPSS 0.38% · 59.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.38%

59.4th percentile

Affected Products

Vendor	Product	Versions
siemens	7sa86_firmware	0
Siemens	SIPROTEC 5 7SS85 devices (CPU variant CP300)	All versions < V8.83
Siemens	SIPROTEC 5 7SL82 devices (CPU variant CP100)	All versions < V8.83
Siemens	SIPROTEC 5 7SL86 devices (CPU variant CP300)	All versions < V8.83
Siemens	SIPROTEC 5 7UT86 devices (CPU variant CP300)	All versions < V8.83
Siemens	SIPROTEC 5 7SJ82 devices (CPU variant CP100)	All versions < V8.83
siemens	7st85_firmware	0
siemens	7ve85_firmware	0
Siemens	SIPROTEC 5 7VE85 devices (CPU variant CP300)	All versions < V8.83
siemens	7sj85_firmware	0
siemens	7vk87_firmware	0
siemens	7sk85_firmware	0
Siemens	SIPROTEC 5 7SJ86 devices (CPU variant CP300)	All versions < V8.83
siemens	7um85_firmware	0
Siemens	SIPROTEC 5 7SK82 devices (CPU variant CP100)	All versions < V8.83
siemens	7ss85_firmware	0
siemens	6mu85_firmware	0
siemens	6md86_firmware	0
siemens	7sj82_firmware	0
siemens	7sa82_firmware	0

…and 42 more

Timeline

Jan 11, 2022 CVE Published
Jan 12, 2022 EPSS Score
Mar 6, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 19, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Nov 26, 2022 EPSS Score
Jan 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 11, 2023 EPSS Score
May 3, 2023 EPSS Score
Jun 25, 2023 EPSS Score

References

Open in Interactive Console →