ID

VAR-202111-0484


CVE

CVE-2021-40358


TITLE

Path traversal vulnerability in SIMATIC PCS 7 and SIMATIC WinCC

Trust: 0.8

sources: JVNDB: JVNDB-2021-014830

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. SIMATIC PCS 7 and SIMATIC WinCC contain a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2021-40358 // JVNDB: JVNDB-2021-014830 // VULHUB: VHN-401715 // VULMON: CVE-2021-40358

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc, scope: eq, version: 7.5

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: eq, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: eq, version: 16

Trust: 1.0

vendor: siemens, model: simatic pcs 7, scope: eq, version: 9.0

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: eq, version: 7.4

Trust: 1.0

vendor: siemens, model: simatic pcs 7, scope: eq, version: 9.1

Trust: 1.0

vendor: siemens, model: simatic pcs 7, scope: eq, version: 8.2

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: eq, version: 15

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: eq, version: 17

Trust: 1.0

vendor: Siemens, model: simatic wincc, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: simatic pcs 7, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014830 // NVD: CVE-2021-40358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40358
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2021-40358
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-40358
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202111-777
value: CRITICAL

Trust: 0.6

VULHUB: VHN-401715
value: HIGH

Trust: 0.1

VULMON: CVE-2021-40358
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-40358
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-401715
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40358
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2021-40358
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-40358
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401715 // VULMON: CVE-2021-40358 // JVNDB: JVNDB-2021-014830 // CNNVD: CNNVD-202111-777 // NVD: CVE-2021-40358 // NVD: CVE-2021-40358

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-401715 // JVNDB: JVNDB-2021-014830 // NVD: CVE-2021-40358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-777

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202111-777

PATCH

title: SSA-840188, url: https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf

Trust: 0.8

title: Siemens SIMATIC PCS 7 and SIMATIC WinCC Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=169659

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=3a61c08d20a7380576ecaddca7385945

Trust: 0.1

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-40358

Trust: 0.1

sources: VULMON: CVE-2021-40358 // JVNDB: JVNDB-2021-014830 // CNNVD: CNNVD-202111-777

EXTERNAL IDS

db: NVD, id: CVE-2021-40358

Trust: 3.4

db: SIEMENS, id: SSA-840188

Trust: 1.8

db: ICS CERT, id: ICSA-21-315-03

Trust: 1.5

db: JVN, id: JVNVU95671889

Trust: 0.8

db: JVNDB, id: JVNDB-2021-014830

Trust: 0.8

db: AUSCERT, id: ESB-2021.3874

Trust: 0.6

db: CNNVD, id: CNNVD-202111-777

Trust: 0.6

db: VULHUB, id: VHN-401715

Trust: 0.1

db: VULMON, id: CVE-2021-40358

Trust: 0.1

sources: VULHUB: VHN-401715 // VULMON: CVE-2021-40358 // JVNDB: JVNDB-2021-014830 // CNNVD: CNNVD-202111-777 // NVD: CVE-2021-40358

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf

Trust: 1.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-03

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95671889/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-40358

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-wincc-36835

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3874

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-03

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-40358

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-401715 // VULMON: CVE-2021-40358 // JVNDB: JVNDB-2021-014830 // CNNVD: CNNVD-202111-777 // NVD: CVE-2021-40358

CREDITS

Thomas Riedmaier from Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202111-777

SOURCES

db: VULHUB, id: VHN-401715
db: VULMON, id: CVE-2021-40358
db: JVNDB, id: JVNDB-2021-014830
db: CNNVD, id: CNNVD-202111-777
db: NVD, id: CVE-2021-40358

LAST UPDATE DATE

2024-08-14T12:57:02.480000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-401715, date: 2022-10-19T00:00:00
db: VULMON, id: CVE-2021-40358, date: 2022-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-014830, date: 2022-10-28T06:57:00
db: CNNVD, id: CNNVD-202111-777, date: 2023-04-12T00:00:00
db: NVD, id: CVE-2021-40358, date: 2023-04-11T10:15:10.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-401715, date: 2021-11-09T00:00:00
db: VULMON, id: CVE-2021-40358, date: 2021-11-09T00:00:00
db: JVNDB, id: JVNDB-2021-014830, date: 2022-10-28T00:00:00
db: CNNVD, id: CNNVD-202111-777, date: 2021-11-09T00:00:00
db: NVD, id: CVE-2021-40358, date: 2021-11-09T12:15:09.930