Vulnerability Details : CVE-2021-42029
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-42029
- cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:16:update2:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:16:update3:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:16:update4:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:17:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_step_7:17:update1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42029
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-42029
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-42029
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: productcert@siemens.com (Secondary)
References for CVE-2021-42029
-
https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf
Patch;Vendor Advisory
Jump to