What is the severity of CVE-2021-27395?

CVE-2021-27395 is considered a critical vulnerability affecting multiple versions of Siemens SIMATIC Process Historian.

How do I fix CVE-2021-27395?

To fix CVE-2021-27395, upgrade to a supported version of Siemens SIMATIC Process Historian as outlined in the vendor’s advisory.

Which versions of Siemens SIMATIC Process Historian are affected by CVE-2021-27395?

CVE-2021-27395 affects SIMATIC Process Historian 2013 and earlier, 2014 versions prior to SP3 Update 6, 2019, and 2020 versions.

What kind of vulnerability is CVE-2021-27395?

CVE-2021-27395 is an interface vulnerability that may allow unauthorized access to sensitive data.

Where can I find more information on CVE-2021-27395?

More detailed information on CVE-2021-27395 can be found in the Siemens product security advisory.

Vulnerability/
CVE-2021-27395

high

8.1

CWE

306

12/10/2021

3/8/2024

CVE-2021-27395

First published: Tue Oct 12 2021(Updated: )

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens SIMATIC Process Historian
Siemens SIMATIC Process Historian	=sp1
Siemens SIMATIC Process Historian	=sp2
Siemens SIMATIC Process Historian	=sp3
Siemens SIMATIC Process Historian	=sp3_update4
Siemens SIMATIC Process Historian
Siemens SIMATIC Process Historian

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf

Frequently Asked Questions

What is the severity of CVE-2021-27395?
CVE-2021-27395 is considered a critical vulnerability affecting multiple versions of Siemens SIMATIC Process Historian.
How do I fix CVE-2021-27395?
To fix CVE-2021-27395, upgrade to a supported version of Siemens SIMATIC Process Historian as outlined in the vendor’s advisory.
Which versions of Siemens SIMATIC Process Historian are affected by CVE-2021-27395?
CVE-2021-27395 affects SIMATIC Process Historian 2013 and earlier, 2014 versions prior to SP3 Update 6, 2019, and 2020 versions.
What kind of vulnerability is CVE-2021-27395?
CVE-2021-27395 is an interface vulnerability that may allow unauthorized access to sensitive data.
Where can I find more information on CVE-2021-27395?
More detailed information on CVE-2021-27395 can be found in the Siemens product security advisory.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/siemens
canonical/siemens simatic process historian
version/siemens simatic process historian/sp1
version/siemens simatic process historian/sp2
version/siemens simatic process historian/sp3
version/siemens simatic process historian/sp3_update4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.