VDB
CVE-2021-45034
CVE-2021-45034
PUBLISHED
CVSS 7.5 HIGH
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
EPSS 0.63% · 70.6th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.63%
70.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C | All versions < V16.20 |
| siemens | cp-8000_master_module_with_i\/o_-25\/\+70_firmware | 0 |
| Siemens | CP-8022 MASTER MODULE WITH GPRS | All versions < V16.20 |
| siemens | cp-8022_master_module_with_gprs_firmware | 0 |
| Siemens | CP-8021 MASTER MODULE | All versions < V16.20 |
| Siemens | CP-8000 MASTER MODULE WITH I/O -40/+70°C | * |
| Siemens | N/A | |
| siemens | cp-8000_master_module_with_i\/o_-40\/\+70_firmware | 0 |
| siemens | cp-8021_master_module_firmware | 0 |
Timeline
- Jan 11, 2022 CVE Published
- Jan 12, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 29, 2022 EPSS Score
- Jun 21, 2022 EPSS Score
- Aug 14, 2022 EPSS Score
- Nov 29, 2022 EPSS Score
- Jan 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jun 30, 2023 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf advisory
- 20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download & Denial of Service in Siemens A8000 PLC mailing-list
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html url
- https://nvd.nist.gov/vuln/detail/CVE-2021-45034 advisory