First published: Tue Jun 15 2021
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sinamics Sl150 Firmware | ||
Siemens SINAMICS SL150 | ||
Siemens Sinamics Sm150 Firmware | ||
Siemens SINAMICS SM150 | ||
Siemens Sinamics Sm150i Firmware | ||
Siemens SINAMICS SM150i | ||
The affected software is SINAMICS SL150 Firmware, SINAMICS SM150 Firmware, and SINAMICS SM150i Firmware.
The severity of CVE-2021-27388 is critical with a CVSS score of 9.8.
CVE-2021-27388 is a vulnerability in the Sm@rtServer component for remote access in SINAMICS medium voltage routable products, which could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands.
An attacker can exploit CVE-2021-27388 by sending specially crafted network packets to the affected Sm@rtServer component for remote access.
Siemens has released a security update to address the vulnerability. It is recommended to update to the latest firmware version for the affected products.