PT-2021-7272 · Siemens · Simatic Step 7

Published: 2021-10-06 · Updated: 2022-08-09 · CVE-2021-42029

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC STEP 7 (TIA Portal) V15 (All versions)
SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5)
SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2)
Description
An improper access control weakness in the engineering system software allows an attacker to escalate privileges on the web server of certain devices. The attacker needs direct access to the impacted web server. The CVSS vector reflects this: the attack is rated local (AV:L), needs only low privileges (PR:L) and no user interaction (UI:N), and a successful exploit fully compromises confidentiality, integrity and availability of the affected component (C:H/I:H/A:H).
Recommendations
SIMATIC STEP 7 (TIA Portal) V15: no fixed V15 build is listed; update to a release that contains the fix (the fixed releases listed in this advisory are V16 Update 5 or later and V17 Update 2 or later).
SIMATIC STEP 7 (TIA Portal) V16: update to V16 Update 5 or later.
SIMATIC STEP 7 (TIA Portal) V17: update to V17 Update 2 or later.
Until the update is applied, restrict access to the impacted web server to trusted administrators and networks; since exploitation requires direct access to that web server, limiting who can reach it reduces the risk of exploitation.
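
To apply the affected-version list above to a fleet of engineering workstations, the following Python is an added example (not from the advisory or from Siemens) that encodes only the ranges this page lists: V15 all versions, V16 before Update 5, V17 before Update 2. The version-label format it parses, the sample hostnames and the choice to report service releases such as V15.1 as "not listed" rather than folding them into V15 are assumptions made here.

```python
"""Affected-version triage for CVE-2021-42029 in SIMATIC STEP 7 (TIA Portal).

Added example; it is not part of the advisory or of any Siemens tooling. It
encodes only the affected/fixed ranges the advisory lists. How a site labels
its TIA Portal installs (e.g. "V16 Update 4") is an assumption, as is the
sample inventory at the bottom, which is constructed for illustration.
"""
import re
from typing import Dict, NamedTuple, Optional


class Version(NamedTuple):
    major: int    # release line, e.g. 16 for TIA Portal V16
    minor: int    # service-release number if the label has one (V15.1 -> 1), else 0
    update: int   # "Update N" level, 0 for the base release


# Release line -> first fixed Update level per the advisory.
# None: no fixed build exists in that line (all V15 versions are affected).
FIXED_UPDATE: Dict[int, Optional[int]] = {
    15: None,
    16: 5,   # V16 Update 5 or later is fixed
    17: 2,   # V17 Update 2 or later is fixed
}

# Accepts labels such as "V16 Update 4", "v16 upd 4", "V16 U4", "V17", "V15.1 Update 7".
_LABEL_RE = re.compile(
    r"^\s*V?(\d+)(?:\.(\d+))?(?:\s*(?:Update|Upd\.?|U)\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(label: str) -> Version:
    """Parse a TIA Portal version label; a missing "Update N" means Update 0."""
    m = _LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised TIA Portal version label: {label!r}")
    major, minor, update = (int(g) if g else 0 for g in m.groups())
    return Version(major, minor, update)


def assess(label: str) -> str:
    """Return "affected", "fixed" or "not listed" for one version label.

    "not listed" covers release lines the advisory does not enumerate (V14,
    V18, ...) and service releases such as V15.1, which it does not enumerate
    either. Conservative assumption: they are not folded into the V15 entry,
    so "not listed" means the advisory is silent, not that the install is safe.
    """
    v = parse_version(label)
    if v.major not in FIXED_UPDATE or v.minor != 0:
        return "not listed"
    first_fixed = FIXED_UPDATE[v.major]
    if first_fixed is None:
        return "affected"
    return "fixed" if v.update >= first_fixed else "affected"


def remediation(label: str) -> str:
    """Recommendation from the advisory for one install."""
    v = parse_version(label)
    if assess(label) != "affected":
        return "no action required by this advisory"
    if FIXED_UPDATE.get(v.major) is None:
        return ("no fixed build in this release line; move to V16 Update 5 "
                "or later, or V17 Update 2 or later")
    return f"update to V{v.major} Update {FIXED_UPDATE[v.major]} or later"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> status for an inventory of host -> version label."""
    return {host: assess(label) for host, label in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "eng-ws-01": "V16 Update 4",
    "eng-ws-02": "V16 Update 5",
    "eng-ws-03": "V17",
    "eng-ws-04": "V17 Update 2",
    "eng-ws-05": "V15",
    "eng-ws-06": "V14 Update 2",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        label = SAMPLE_INVENTORY[host]
        print(f"{host:10s} {label:16s} {status:10s} {remediation(label)}")
```

Feed it whatever version labels your asset inventory records; a label it cannot parse raises rather than silently passing, and "not listed" results need a human decision because the advisory says nothing about those lines.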

Weakness Enumeration
Improper Access Control
Improper Privilege Management

Related Identifiers
BDU:2022-04783
CVE-2021-42029

Affected Products
Simatic Step 7