ID

VAR-202201-0855


CVE

CVE-2021-41769


TITLE

Input validation vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-003210

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. Multiple Siemens products contain an input validation vulnerability.Information may be obtained. SIPROTEC 5 devices offer a range of functions for integrated protection, control, measurement and automation of substations and other fields of application. An information disclosure vulnerability exists in Siemens SIPROTEC 5, which can be exploited by attackers to read device information

Trust: 2.16

sources: NVD: CVE-2021-41769 // JVNDB: JVNDB-2022-003210 // CNVD: CNVD-2022-02748

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-02748

AFFECTED PRODUCTS

vendor:siemensmodel:siprotec 6md85 devicesscope:eqversion:5<8.83

Trust: 1.2

vendor:siemensmodel:7sa86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ss85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7vk87scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sd87scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sa82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sx800scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sj82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:6mu85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sl86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ke85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sd82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sj81scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sj85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7um85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sx85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ut85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ve85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sl87scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sk85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sj86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sk82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ut86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ut87scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sl82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:6md89scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7ut82scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sa87scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7sd86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:6md86scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:6md85scope:ltversion:8.83

Trust: 1.0

vendor:siemensmodel:7st85scope:ltversion:8.83

Trust: 1.0

vendor:シーメンスmodel:siprotec 5 7sa86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md89scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd82scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7ke85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa87scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6mu85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa82scope: - version: -

Trust: 0.8

vendor:siemensmodel:siprotec 7sx85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7um85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ut82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ut85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ut86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ut87 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ve85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7vk87 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec compact 7sx800 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 6md86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 6md89 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 6mu85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ke85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sa82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sa86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sa87 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sd82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sd86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sd87 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sj81 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sj82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sj85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sj86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sk82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sk85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sl82 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sl86 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7sl87 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7ss85 devicesscope:eqversion:5<8.83

Trust: 0.6

vendor:siemensmodel:siprotec 7st85 devicesscope:eqversion:5<8.83

Trust: 0.6

sources: CNVD: CNVD-2022-02748 // JVNDB: JVNDB-2022-003210 // NVD: CVE-2021-41769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41769
value: HIGH

Trust: 1.0

NVD: CVE-2021-41769
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-02748
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-870
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-41769
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-02748
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-41769
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-41769
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-02748 // JVNDB: JVNDB-2022-003210 // CNNVD: CNNVD-202201-870 // NVD: CVE-2021-41769

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003210 // NVD: CVE-2021-41769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-870

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-870

PATCH

title:SSA-439673url:https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf

Trust: 0.8

title:Patch for Siemens SIPROTEC 5 Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/313041

Trust: 0.6

title:Siemens SIPROTEC 5 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178996

Trust: 0.6

sources: CNVD: CNVD-2022-02748 // JVNDB: JVNDB-2022-003210 // CNNVD: CNNVD-202201-870

EXTERNAL IDS

db:NVDid:CVE-2021-41769

Trust: 3.8

db:SIEMENSid:SSA-439673

Trust: 2.2

db:ICS CERTid:ICSA-22-013-04

Trust: 1.4

db:JVNid:JVNVU98508242

Trust: 0.8

db:JVNDBid:JVNDB-2022-003210

Trust: 0.8

db:CNVDid:CNVD-2022-02748

Trust: 0.6

db:CS-HELPid:SB2022011802

Trust: 0.6

db:CNNVDid:CNNVD-202201-870

Trust: 0.6

sources: CNVD: CNVD-2022-02748 // JVNDB: JVNDB-2022-003210 // CNNVD: CNNVD-202201-870 // NVD: CVE-2021-41769

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41769

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98508242/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-04

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022011802

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-013-04

Trust: 0.6

sources: CNVD: CNVD-2022-02748 // JVNDB: JVNDB-2022-003210 // CNNVD: CNNVD-202201-870 // NVD: CVE-2021-41769

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202201-870

SOURCES

db:CNVDid:CNVD-2022-02748
db:JVNDBid:JVNDB-2022-003210
db:CNNVDid:CNNVD-202201-870
db:NVDid:CVE-2021-41769

LAST UPDATE DATE

2024-08-14T12:49:27.006000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-02748date:2022-01-18T00:00:00
db:JVNDBid:JVNDB-2022-003210date:2023-02-10T06:27:00
db:CNNVDid:CNNVD-202201-870date:2022-02-10T00:00:00
db:NVDid:CVE-2021-41769date:2022-01-19T16:49:32.947

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-02748date:2022-01-12T00:00:00
db:JVNDBid:JVNDB-2022-003210date:2023-02-10T00:00:00
db:CNNVDid:CNNVD-202201-870date:2022-01-11T00:00:00
db:NVDid:CVE-2021-41769date:2022-01-11T12:15:10.037