CVE-2021-40360

Name of the Vulnerable Software and Affected Versions SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC versions V15 through V15 prior to V15 SP1 Update 7 SIMATIC WinCC versions V16 through V16 prior to V16 Update 5 SIMATIC WinCC versions V17 through V17 prior to V17 Update 2

Description A vulnerability has been identified that allows the password hash of a local user account to be granted via public API to a user on the affected system. This could enable an authenticated attacker to brute force the password hash and use it to login to the server. The issue is related to the disclosure of information in the Siemens SIMATIC process control system's API interface.

Recommendations For SIMATIC PCS 7 version V9.1, update to V9.1 SP1 or later. For SIMATIC WinCC version V7.4, update to V7.4 SP1 Update 19 or later. For SIMATIC WinCC version V7.5, update to V7.5 SP2 Update 6 or later. For SIMATIC WinCC version V15, update to V15 SP1 Update 7 or later. For SIMATIC WinCC version V16, update to V16 Update 5 or later. For SIMATIC WinCC version V17, update to V17 Update 2 or later. As a temporary workaround, consider restricting access to the public API until a patch is available.