CVE-2021-44222
published 2022-07-12CVE-2021-44222: A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform…
PriorityP263critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
1.14%
62.6th percentile
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_easie_core_package | < 22.00 | 22.00 |
| siemens | simatic_easie_core_package | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The underlying MQTT service on SIMATIC eaSie Core Package runs without authentication in its default configuration — monitor for unauthenticated MQTT connections (typically TCP port 1883) to these devices as a strong indicator of exploitation attempts. ↗
- →Alert on any remote, unauthenticated MQTT CONNECT packets directed at SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) running versions prior to v22.00, as these represent the attack surface for CVE-2021-44222. ↗
- ·The MQTT service lacks authentication only in the DEFAULT configuration; deployments that have manually enabled authentication are not exposed to this specific vulnerability. Detection logic should account for whether authentication has been configured. ↗
- ·No known public exploits specifically target this vulnerability at the time of advisory publication, reducing (but not eliminating) the likelihood of opportunistic exploitation. ↗
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4mhg-63jh-q754: A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22
ghsa_unreviewed·2022-07-13
CVE-2021-44222 [CRITICAL] CWE-306 GHSA-4mhg-63jh-q754: A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
CISA ICS
Siemens SIMATIC eaSie Core Package
cisa_ics·2022-07-14·CVSS 7.5
[HIGH] Siemens SIMATIC eaSie Core Package
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC eaSie Core Package
Last RevisedJuly 14, 2022
Alert CodeICSA-22-195-15
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC eaSie
- Vulnerabilities: Improper Input Validation, Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to send arbitrary messages within the affected system or to crash attached applications.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The follow
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-07-12
Published