Vulnerability Description
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Process Historian 2013 | All versions |
| Siemens | Simatic Process Historian 2014 | - |
| Siemens | Simatic Process Historian 2019 | All versions |
| Siemens | Simatic Process Historian 2020 | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdfVendor Advisory
FAQ
What is CVE-2021-27395?
CVE-2021-27395 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All vers...
How severe is CVE-2021-27395?
CVE-2021-27395 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27395?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Process Historian 2013, Siemens Simatic Process Historian 2014, Siemens Simatic Process Historian 2019, Siemens Simatic Process Historian 2020.