Vulnerability Description
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic S7-1200 Cpu Firmware | 4.5.0 |
| Siemens | Cpu 1211C | - |
| Siemens | Cpu 1212C | - |
| Siemens | Cpu 1212Fc | - |
| Siemens | Cpu 1214C | - |
| Siemens | Cpu 1214Fc | - |
| Siemens | Cpu 1215C | - |
| Siemens | Cpu 1215Fc | - |
| Siemens | Cpu 1217C | - |
| Siemens | Simatic Step 7 \(Tia Portal\) | <= 13.0 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdfPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdfPatchVendor Advisory
FAQ
What is CVE-2021-37172?
CVE-2021-37172 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal...
How severe is CVE-2021-37172?
CVE-2021-37172 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37172?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-1200 Cpu Firmware, Siemens Cpu 1211C, Siemens Cpu 1212C, Siemens Cpu 1212Fc, Siemens Cpu 1214C.