CVE-2021-44222
published 2022-07-12


Priority: P263 · critical · 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.14% (62.6th percentile)
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

Affected (2 ranges)

Vendor     Product                       Version range   Fixed in
siemens    simatic_easie_core_package    < 22.00         22.00
siemens    simatic_easie_core_package

Detection & IOCs (extracted from sources)

  • The underlying MQTT service on SIMATIC eaSie Core Package runs without authentication in its default configuration; monitor for unauthenticated MQTT connections (typically TCP port 1883) to these devices as a strong indicator of exploitation attempts.
  • Alert on any remote, unauthenticated MQTT CONNECT packets directed at SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) running versions prior to V22.00, as these represent the attack surface for CVE-2021-44222.
  • The MQTT service lacks authentication only in the default configuration; deployments that have manually enabled authentication are not exposed to this specific vulnerability. Detection logic should account for whether authentication has been configured.
  • No known public exploits specifically target this vulnerability at the time of advisory publication, reducing (but not eliminating) the likelihood of opportunistic exploitation.
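The CONNECT-packet check from the detection notes above, as an added example that is not part of the advisory or of any Siemens tooling: it parses an MQTT CONNECT packet (v3.1, v3.1.1 or v5) far enough to read the connect flags and reports sessions that present no username or password, which is what a sensor on TCP/1883 toward an eaSie host would alert on. Sample packets are constructed for illustration; the function names are the example's own.

```python
# Added example, not part of the advisory: parse an MQTT CONNECT packet (v3.1,
# v3.1.1 or v5) far enough to read the connect flags and report anonymous sessions.
import struct

def _varint(buf: bytes, pos: int):
    """Decode an MQTT variable-length integer (remaining length, property length)."""
    value, multiplier = 0, 1
    while True:
        if pos >= len(buf) or multiplier > 128 ** 3:
            raise ValueError("malformed variable-length integer")
        byte, pos = buf[pos], pos + 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128

def _utf8(buf: bytes, pos: int):
    """Read an MQTT length-prefixed UTF-8 string."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def parse_connect(packet: bytes) -> dict:
    """Return the CONNECT fields a detection rule needs."""
    if not packet or packet[0] & 0xF0 != 0x10:   # packet type 1 = CONNECT
        raise ValueError("not a CONNECT packet")
    remaining, pos = _varint(packet, 1)
    if len(packet) - pos < remaining:
        raise ValueError("truncated CONNECT packet")
    proto, pos = _utf8(packet, pos)            # "MQTT" (v3.1.1/v5) or "MQIsdp" (v3.1)
    level, flags = packet[pos], packet[pos + 1]
    pos += 4                                   # skip level, flags, 2-byte keep-alive
    if level == 5:                             # MQTT 5 inserts a properties block here
        props_len, pos = _varint(packet, pos)
        pos += props_len
    client_id, _ = _utf8(packet, pos)          # first payload field
    return {"protocol": proto, "level": level, "client_id": client_id,
            "username_flag": bool(flags & 0x80),   # connect flags bit 7
            "password_flag": bool(flags & 0x40)}   # connect flags bit 6

def is_anonymous_connect(packet: bytes) -> bool:
    """True when the client presents neither a username nor a password."""
    info = parse_connect(packet)
    return not (info["username_flag"] or info["password_flag"])

# Constructed sample packets (not captured traffic): client id "hvac", keep-alive 60.
ANON_CONNECT = bytes.fromhex("1010" "00044d515454" "0402003c" "000468766163")
AUTH_CONNECT = bytes.fromhex("101d" "00044d515454" "04c2003c" "000468766163"
                             "00036f7073" "0006733363726574")  # user "ops", pass "s3cret"
```

Because the flags only say whether credentials were offered, pair this with the broker-side knowledge of whether authentication was enabled, as the third note above requires.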

CVSS provenance

NVD, CVSS v3.1: 9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
NVD, CVSS v2.0: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:P/A:N)