PT-2021-22878 · Siemens · Simatic Wincc+1
Published
2021-11-09
·
Updated
2023-04-11
·
CVE-2021-40364
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SIMATIC PCS 7 versions prior to V9.1 SP1
SIMATIC PCS 7 version V8.2
SIMATIC PCS 7 version V9.0 through V9.0 SP3 UC03
SIMATIC WinCC versions prior to V15 SP1 Update 7
SIMATIC WinCC versions prior to V16 Update 5
SIMATIC WinCC versions prior to V17 Update 2
SIMATIC WinCC versions prior to V7.4 SP1 Update 19
SIMATIC WinCC versions prior to V7.5 SP2 Update 5
Description
A vulnerability has been identified that affects the storage of sensitive information in log files. An attacker with access to these log files could publicly expose the information or reuse it to develop further attacks on the system.
Recommendations
For SIMATIC PCS 7 version V8.2, update to a version later than V8.2.
For SIMATIC PCS 7 version V9.0, update to V9.0 SP3 UC04 or later.
For SIMATIC PCS 7 version V9.1, update to V9.1 SP1 or later.
For SIMATIC WinCC version V15 and earlier, update to V15 SP1 Update 7 or later.
For SIMATIC WinCC version V16, update to V16 Update 5 or later.
For SIMATIC WinCC version V17, update to V17 Update 2 or later.
For SIMATIC WinCC version V7.4, update to V7.4 SP1 Update 19 or later.
For SIMATIC WinCC version V7.5, update to V7.5 SP2 Update 5 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Pcs 7
Simatic Wincc