Vulnerability Description
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
CVSS Score
7.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Climatix Pol909 Firmware | < 11.34 |
| Siemens | Climatix Pol909 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf (Vendor Advisory)
FAQ
What is CVE-2021-40366?
CVE-2021-40366 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data wit...
How severe is CVE-2021-40366?
CVE-2021-40366 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-40366?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Climatix Pol909 Firmware, Siemens Climatix Pol909.