CVE-2021-27385 — Uncontrolled Resource Consumption in Siemens Simatic HMI Comfort Outdoor Panels 15 Firmware

CWE-400 — Uncontrolled Resource Consumption CWE-835 — Infinite Loop3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 46.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Comfort Outdoor Panels 15 Firmware Siemens Simatic HMI Comfort Outdoor Panels 7 Firmware Siemens Simatic HMI Comfort Panels 22 Firmware +21 more

Timeline

PublishedMay 12

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KT…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages24 packages

▶NVDsiemens/simatic_hmi_comfort_outdoor_panels_7_firmware< 16+3

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700_firmware< 16+3

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp900_firmware< 16+3

▶NVDsiemens/simatic_hmi_comfort_outdoor_panels_15_firmware< 16+3

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700f_firmware< 16+3

🔴Vulnerability Details

GHSA

GHSA-w394-4962-55g6: A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl↗2022-05-24

▶

CVEList

CVE-2021-27385: A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl↗2021-05-12

▶