First published: Mon Jun 28 2021(Updated: )
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sinamics Sl150 Firmware | ||
Siemens SINAMICS SL150 | ||
Siemens Sinamics Sm150 Firmware | ||
Siemens SINAMICS SM150 | ||
Siemens Sinamics Sm150i Firmware | ||
Siemens SINAMICS SM150i |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31337 is a vulnerability in the Telnet service of the SIMATIC HMI Comfort Panels system component in affected products, which does not require authentication and may allow a remote attacker to gain access to the device if the service is enabled.
CVE-2021-31337 has a severity rating of 9.8 (Critical).
CVE-2021-31337 affects Siemens Sinamics SL150 Firmware, Siemens Sinamics SM150 Firmware, and Siemens Sinamics SM150i Firmware.
No, Siemens Sinamics SL150 is not vulnerable to CVE-2021-31337.
To fix CVE-2021-31337, it is recommended to disable the Telnet service if not required or implement authentication mechanisms.