A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 06:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf - Patch, Vendor Advisory |
Information
Published : 2021-08-10 11:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-37172
Mitre link : CVE-2021-37172
CVE.ORG link : CVE-2021-37172
JSON object : View
Products Affected
siemens
- simatic_s7-1200_cpu_firmware
- cpu_1214c
- cpu_1212c
- cpu_1215c
- cpu_1214fc
- cpu_1217c
- simatic_step_7_\(tia_portal\)
- cpu_1211c
- cpu_1212fc
- cpu_1215fc
CWE
CWE-287
Improper Authentication