CVE-2021-27395

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Se ha identificado una vulnerabilidad en SIMATIC Process Historian 2013 y anteriores (Todas las versiones), SIMATIC Process Historian 2014 (Todas las versiones anteriores a SP3 Update 6), SIMATIC Process Historian 2019 (Todas las versiones), SIMATIC Process Historian 2020 (Todas las versiones). Una interfaz en el software que es usada para funcionalidades críticas carece de autenticación, lo que podría permitir a un usuario malicioso insertar, modificar o eliminar datos de forma maliciosa

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-02-18 CVE Reserved
2021-10-12 CVE Published
2023-05-05 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf	2021-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		Simatic Process Historian 2013 Search vendor "Siemens" for product "Simatic Process Historian 2013"				*		-		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2014 Search vendor "Siemens" for product "Simatic Process Historian 2014"				-		sp1		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2014 Search vendor "Siemens" for product "Simatic Process Historian 2014"				-		sp2		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2014 Search vendor "Siemens" for product "Simatic Process Historian 2014"				-		sp3		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2014 Search vendor "Siemens" for product "Simatic Process Historian 2014"				-		sp3_update4		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2019 Search vendor "Siemens" for product "Simatic Process Historian 2019"				*		-		Affected
Siemens Search vendor "Siemens"		Simatic Process Historian 2020 Search vendor "Siemens" for product "Simatic Process Historian 2020"				*		-		Affected