PT-2021-21548 · Siemens · Tia Portal+1

Published

2021-08-10

Updated

2022-07-01

CVE-2021-37172

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SIMATIC S7-1200 CPU family (incl. SIPLUS variants) version 4.5.0

Description A vulnerability has been identified where affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC.

Recommendations For SIMATIC S7-1200 CPU family (incl. SIPLUS variants) version 4.5.0, ensure that the device is provisioned using TIA Portal V13 SP1 or any later version to prevent the vulnerability.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-37172

Affected Products

Simatic S7-1200 Cpu

Tia Portal

PT-2021-21548 · Siemens · Tia Portal+1

CVE-2021-37172

Weakness Enumeration

Related Identifiers

Affected Products

References · 4