CVE-2021-40359

 

Severity Score (CVSS v3.1): 7.7
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-09-01 CVE Reserved
  • 2021-11-09 CVE Published
  • 2024-05-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Siemens | Simatic Batch | 8.2 | - | Affected |
| Siemens | Simatic Batch | 8.2 | upd_9 | Affected |
| Siemens | Simatic Batch | 9.0 | - | Affected |
| Siemens | Simatic Batch | 9.0 | sp1 | Affected |
| Siemens | Simatic Batch | 9.0 | sp1_update_1 | Affected |
| Siemens | Simatic Batch | 9.0 | sp1_update_2 | Affected |
| Siemens | Simatic Batch | 9.0 | sp1_update_3 | Affected |
| Siemens | Simatic Batch | 9.0 | sp1_update_4 | Affected |
| Siemens | Simatic Batch | 9.1 | - | Affected |
| Siemens | Simatic Net Pc | 14 | - | Affected |
| Siemens | Simatic Net Pc | 15 | - | Affected |
| Siemens | Simatic Net Pc | 16 | - | Affected |
| Siemens | Simatic Net Pc | 16 | update1 | Affected |
| Siemens | Simatic Net Pc | 17 | - | Affected |
| Siemens | Simatic Route Control | 8.2 | - | Affected |
| Siemens | Simatic Route Control | 9.0 | - | Affected |
| Siemens | Simatic Route Control | 9.1 | - | Affected |
| Siemens | Simatic Wincc | <= 7.4 | - | Affected |
| Siemens | Simatic Wincc | 7.5 | - | Affected |
| Siemens | Simatic Wincc | 7.5 | - | Affected |
| Siemens | Simatic Wincc | 7.5 | sp1 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp1_update1 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp1_update2 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp2 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp2_update1 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp2_update2 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp2_update3 | Affected |
| Siemens | Simatic Wincc | 7.5 | sp2_update4 | Affected |
| Siemens | Simatic Wincc | 15 | - | Affected |
| Siemens | Simatic Wincc | 16 | - | Affected |
| Siemens | Simatic Wincc | 16 | update1 | Affected |
| Siemens | Simatic Wincc | 16 | update2 | Affected |
| Siemens | Simatic Wincc | 16 | update3 | Affected |
| Siemens | Simatic Wincc | 16 | update4 | Affected |
| Siemens | Simatic Wincc | 17 | - | Affected |
| Siemens | Simatic Wincc | 17 | update1 | Affected |
| Siemens | Simaticpcs 7 | <= 8.2 | - | Affected |
| Siemens | Simaticpcs 7 | >= 9.0 < 9.1 | - | Affected |
| Siemens | Simaticpcs 7 | 9.1 | - | Affected |