CVE-2021-31893

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 62.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PDM Firmware Siemens Sinamics Starter Firmware Siemens Simatic PCS Firmware +6 more

Timeline

PublishedJul 13

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code exec…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶NVDsiemens/simatic_step_7_firmware5.6

▶CVEListV5siemens/simatic_step_7_v5.xAll versions < V5.6 SP2 HF3

▶CVEListV5siemens/sinamics_starter_(containing_step_7_oem_version)All versions < V5.4 HF2

▶CVEListV5siemens/simatic_pcs_7_v8.2_and_earlierAll versions

▶NVDsiemens/simatic_pdm_firmware< 9.2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-47m5-c425-v4ww: A vulnerability has been identified in SIMATIC PCS 7 V8↗2022-05-24

▶

CVEList

CVE-2021-31893: A vulnerability has been identified in SIMATIC PCS 7 V8↗2021-07-13

▶