Skip to main content

Sinamics Sl150 Firmware CVE-2021-27388

CRITICAL
Improper Input Validation (CWE-20)
2021-06-15 productcert@siemens.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 15, 2021 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

AnalysisAI

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). Affected products include: Siemens Sinamics Sl150 Firmware, Siemens Sinamics Sm150 Firmware, Siemens Sinamics Sm150I Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-27384 CRITICAL
9.8 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated critical severity

CVE-2020-15798 CRITICAL
9.8 Feb 09

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-31337 CRITICAL
9.8 Jun 28

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authenticati

CVE-2021-27386 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2021-27383 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2021-27385 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2017-2680 HIGH
7.1 May 11

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc

CVE-2019-10936 HIGH
7.5 Oct 10

Affected devices improperly handle large amounts of specially crafted UDP packets. Rated high severity (CVSS 7.5), this

CVE-2019-10923 HIGH
7.5 Oct 10

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time

CVE-2019-6568 HIGH
7.5 Apr 17

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated hig

Share

CVE-2021-27388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy