PT-2021-19568 · Siemens · Simatic Pdm+3
Published
2021-07-13
·
Updated
2021-08-06
·
CVE-2021-31893
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS 7 versions 8.2 and earlier
SIMATIC PCS 7 V9.0 versions prior to V9.0 SP3
SIMATIC PDM versions prior to V9.2
SIMATIC STEP 7 V5.X versions prior to V5.6 SP2 HF3
SINAMICS STARTER (containing STEP 7 OEM version) versions prior to V5.4 HF2
Description:
The affected software contains a buffer overflow vulnerability while handling certain files. This could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.
Recommendations:
For SIMATIC PCS 7 versions 8.2 and earlier, update to a version later than V8.2.
For SIMATIC PCS 7 V9.0 versions prior to V9.0 SP3, update to V9.0 SP3 or later.
For SIMATIC PDM versions prior to V9.2, update to V9.2 or later.
For SIMATIC STEP 7 V5.X versions prior to V5.6 SP2 HF3, update to V5.6 SP2 HF3 or later.
For SINAMICS STARTER (containing STEP 7 OEM version) versions prior to V5.4 HF2, update to V5.4 HF2 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Pcs 7
Simatic Pdm
Simatic Step 7
Sinamics Starter