PT-2021-19569 · Siemens · Simatic Pdm+3
Published: 2021-07-13 · Updated: 2022-08-10 · CVE-2021-31894
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS 7 versions V8.2 and earlier
SIMATIC PCS 7 versions prior to V9.1 SP2
SIMATIC PDM versions prior to V9.2 SP2
SIMATIC STEP 7 versions prior to V5.7
SINAMICS STARTER versions prior to V5.4 SP2 HF1
Description:
A vulnerability has been identified where a directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.
Recommendations:
For SIMATIC PCS 7 versions V8.2 and earlier, update to a version later than V8.2.
For SIMATIC PCS 7 versions prior to V9.1 SP2, update to V9.1 SP2 or later.
For SIMATIC PDM versions prior to V9.2 SP2, update to V9.2 SP2 or later.
For SIMATIC STEP 7 versions prior to V5.7, update to V5.7 or later.
For SINAMICS STARTER versions prior to V5.4 SP2 HF1, update to V5.4 SP2 HF1 or later.
Fix
Incorrect Permission
Affected Products
Simatic Pcs 7
Simatic Pdm
Simatic Step 7
Sinamics Starter