Details of VAR-202109-0846

ID

VAR-202109-0846

CVE

CVE-2021-33716

TITLE

SIMATIC CP 1543-1 and SIMATIC CP 1545-1 Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011722

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO! , SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment. The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processors connect the S7-1500 controller to the Ethernet. It provides integrated security features, such as firewalls, virtual private networks (VPN), and support for other protocols for data encryption. Many Siemens SIMATIC products have sensitive information leakage vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNVD: CNVD-2021-71448 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33716

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-71448

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic cp 1543-1	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	simatic cp 1545-1	scope:	lt	version:	1.1	Trust: 1.0
vendor:	シーメンス	model:	simatic cp 1545-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic cp 1543-1	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1543-1<v3.0	Trust: 0.6
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1545-1	Trust: 0.6

sources: CNVD: CNVD-2021-71448 // JVNDB: JVNDB-2021-011722 // NVD: CVE-2021-33716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33716
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33716
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-71448
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-816
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-33716
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-33716
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-71448
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33716
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33716
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011722 // NVD: CVE-2021-33716

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-816

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816

PATCH

title:	SSA-535997	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf	Trust: 0.8
title:	Patch for Vulnerabilities in sensitive information disclosure of multiple Siemens SIMATIC products	url:	https://www.cnvd.org.cn/patchInfo/show/291021	Trust: 0.6
title:	SIMATIC CP 1543-1 and SIMATIC CP 1545-1 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162349	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=d9fefe0f15fea36e72513449b164a072	Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202109-816

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33716	Trust: 3.9
db:	SIEMENS	id:	SSA-535997	Trust: 2.3
db:	ICS CERT	id:	ICSA-21-257-06	Trust: 1.4
db:	JVN	id:	JVNVU96712416	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-011722	Trust: 0.8
db:	CNVD	id:	CNVD-2021-71448	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021091604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3098	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-816	Trust: 0.6
db:	VULMON	id:	CVE-2021-33716	Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33716	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96712416/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-06	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3098	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091604	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-cp-1543-1-1545-1-information-disclosure-via-cleartext-36398	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-257-06	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/312.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-535997.txt	Trust: 0.1

sources: CNVD: CNVD-2021-71448 // VULMON: CVE-2021-33716 // JVNDB: JVNDB-2021-011722 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-816 // NVD: CVE-2021-33716

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202109-816

SOURCES

db:	CNVD	id:	CNVD-2021-71448
db:	VULMON	id:	CVE-2021-33716
db:	JVNDB	id:	JVNDB-2021-011722
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-816
db:	NVD	id:	CVE-2021-33716

LAST UPDATE DATE

2024-08-14T12:31:15.414000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-71448	date:	2022-01-18T00:00:00
db:	VULMON	id:	CVE-2021-33716	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-011722	date:	2022-08-09T06:52:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-816	date:	2022-06-15T00:00:00
db:	NVD	id:	CVE-2021-33716	date:	2022-12-08T18:30:12.390

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-71448	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-33716	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-011722	date:	2022-08-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-816	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2021-33716	date:	2021-09-14T11:15:24.347