PT-2022-12022 · Siemens · Simatic Easie Core Package

Published: 2022-07-12 · Updated: 2022-07-15 · CVE-2021-44222

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC eaSie Core Package versions prior to V22.00

Description

A vulnerability has been identified where the underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and issue arbitrary requests in the affected system.

Recommendations

For versions prior to V22.00, update to version V22.00 or later to resolve the issue. As a temporary workaround, consider configuring the MQTT service to perform authentication to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-44222

Affected Products

Simatic Easie Core Package