CVE-2021-27395

Опубликовано: 12 окт. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:simatic_process_historian_2013:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2014:-:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2014:-:sp2:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2014:-:sp3:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2014:-:sp3_update4:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2019:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00248

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-9j28-jmqh-8rph

github

больше 3 лет назад