Sinamics Sl150 Firmware
CVE-2021-31337
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
AnalysisAI
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). Affected products include: Siemens Sinamics Sl150 Firmware, Siemens Sinamics Sm150 Firmware, Siemens Sinamics Sm150I Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Sinamics Sl150 Firmware
View allA vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated critical severity
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated critical severity (CVSS 9.8), this vulner
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. Rated high severity (CVS
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc
Affected devices improperly handle large amounts of specially crafted UDP packets. Rated high severity (CVSS 7.5), this
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated hig
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today