Skip to main content

Sinamics Sl150 Firmware CVE-2021-31337

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2021-06-28 productcert@siemens.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 28, 2021 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

AnalysisAI

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). Affected products include: Siemens Sinamics Sl150 Firmware, Siemens Sinamics Sm150 Firmware, Siemens Sinamics Sm150I Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2021-27384 CRITICAL
9.8 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated critical severity

CVE-2020-15798 CRITICAL
9.8 Feb 09

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-27388 CRITICAL
9.8 Jun 15

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access

CVE-2021-27386 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2021-27383 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2021-27385 HIGH
7.5 May 12

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS

CVE-2017-2680 HIGH
7.1 May 11

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc

CVE-2019-10936 HIGH
7.5 Oct 10

Affected devices improperly handle large amounts of specially crafted UDP packets. Rated high severity (CVSS 7.5), this

CVE-2019-10923 HIGH
7.5 Oct 10

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time

CVE-2019-6568 HIGH
7.5 Apr 17

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated hig

Share

CVE-2021-31337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy