CVE-2021-40359

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 38.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simaticpcs 7 Siemens Simatic Wincc Siemens Openpcs 7 V8.2 +23 more

Timeline

PublishedNov 9

Latest updateMay 24

Description

A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages26 packages

▶NVDsiemens/simatic_route_control8.2, 9.0, 9.1+2

▶CVEListV5siemens/simatic_route_control_v8.2All versions

▶CVEListV5siemens/simatic_route_control_v9.0All versions

▶CVEListV5siemens/simatic_route_control_v9.1All versions

▶CVEListV5siemens/simatic_wincc_v15_and_earlierAll versions < V15 SP1 Update 7

🔴Vulnerability Details

GHSA

GHSA-6gc3-vp66-4fcm: A vulnerability has been identified in SIMATIC PCS 7 V8↗2022-05-24

▶

CVEList

CVE-2021-40359: A vulnerability has been identified in OpenPCS 7 V8↗2021-11-09

▶