ID

VAR-202109-0846


CVE

CVE-2021-33716


TITLE

SIMATIC CP 1543-1 and SIMATIC CP 1545-1 Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011722

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0) and SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment. The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processors connect the S7-1500 controller to Ethernet. They provide integrated security features, such as firewalls, virtual private networks (VPN), and support for other protocols for data encryption. Many Siemens SIMATIC products have sensitive information leakage vulnerabilities.

Trust: 2.79

sources: NVD: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNVD: CNVD-2021-71448 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33716

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-71448

AFFECTED PRODUCTS

vendor: siemens, model: simatic cp 1543-1, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: simatic cp 1545-1, scope: lt, version: 1.1

Trust: 1.0

vendor: シーメンス, model: simatic cp 1545-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1543-1, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic cp, scope: eq, version: 1543-1<v3.0

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1545-1

Trust: 0.6

sources: CNVD: CNVD-2021-71448 // JVNDB: JVNDB-2021-011722 // NVD: CVE-2021-33716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33716
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-33716
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-71448
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-816
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33716
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-33716
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-71448
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-33716
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-33716
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011722 // NVD: CVE-2021-33716

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-816

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816

PATCH

title: SSA-535997, url: https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf

Trust: 0.8

title: Patch for Vulnerabilities in sensitive information disclosure of multiple Siemens SIMATIC products, url: https://www.cnvd.org.cn/patchInfo/show/291021

Trust: 0.6

title: SIMATIC CP 1543-1 and SIMATIC CP 1545-1 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162349

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=d9fefe0f15fea36e72513449b164a072

Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202109-816

EXTERNAL IDS

db: NVD, id: CVE-2021-33716

Trust: 3.9

db: SIEMENS, id: SSA-535997

Trust: 2.3

db: ICS CERT, id: ICSA-21-257-06

Trust: 1.4

db: JVN, id: JVNVU96712416

Trust: 0.8

db: JVNDB, id: JVNDB-2021-011722

Trust: 0.8

db: CNVD, id: CNVD-2021-71448

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021091604

Trust: 0.6

db: AUSCERT, id: ESB-2021.3098

Trust: 0.6

db: CNNVD, id: CNNVD-202109-816

Trust: 0.6

db: VULMON, id: CVE-2021-33716

Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-33716

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96712416/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-06

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3098

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091604

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-cp-1543-1-1545-1-information-disclosure-via-cleartext-36398

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-257-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/312.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-535997.txt

Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202109-816

SOURCES

db: CNVD, id: CNVD-2021-71448
db: VULMON, id: CVE-2021-33716
db: JVNDB, id: JVNDB-2021-011722
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-816
db: NVD, id: CVE-2021-33716

LAST UPDATE DATE

2024-08-14T12:31:15.414000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-71448, date: 2022-01-18T00:00:00
db: VULMON, id: CVE-2021-33716, date: 2021-09-23T00:00:00
db: JVNDB, id: JVNDB-2021-011722, date: 2022-08-09T06:52:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-816, date: 2022-06-15T00:00:00
db: NVD, id: CVE-2021-33716, date: 2022-12-08T18:30:12.390

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-71448, date: 2021-09-16T00:00:00
db: VULMON, id: CVE-2021-33716, date: 2021-09-14T00:00:00
db: JVNDB, id: JVNDB-2021-011722, date: 2022-08-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-816, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2021-33716, date: 2021-09-14T11:15:24.347