CVE-2021-31894
First published: Tue Jul 13 2021(Updated: )
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Pcs 7 Firmware | <=8.2 | |
| Siemens Simatic Pcs 7 Firmware | =9.0 | |
| SIEMENS SIMATIC PCS 7 | ||
| Siemens Simatic Pdm Firmware | ||
| Siemens Simatic Pdm | ||
| Siemens Simatic Step 7 Firmware | >=5.0<5.7 | |
| Siemens SIMATIC STEP 7 | ||
| Siemens Sinamics Starter Firmware | <5.4 | |
| Siemens Sinamics Starter Firmware | =5.4 | |
| Siemens Sinamics Starter Firmware | =5.4-hf1 | |
| Siemens Sinamics Starter Firmware | =5.4-hf2 | |
| Siemens Sinamics Starter Firmware | =5.4-sp1 | |
| Siemens Sinamics Starter Firmware | =5.4-sp1_hf1 | |
| Siemens Sinamics Starter Firmware | =5.4-sp2 | |
| Siemens Sinamics Starter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-31894.
Which software versions are affected by this vulnerability?
SIMATIC PCS 7 V8.2 and earlier, SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1) are affected.
What is the severity rating of CVE-2021-31894?
The severity rating of CVE-2021-31894 is 8.8 (High).
How can I fix CVE-2021-31894?
To fix CVE-2021-31894, Siemens has released security updates. Please refer to the official Siemens security advisory (Reference link) for detailed instructions.
What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?
The Common Weakness Enumeration (CWE) ID associated with CVE-2021-31894 is 732.
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic pcs 7 firmware
- version/siemens simatic pcs 7 firmware/8.2
- version/siemens simatic pcs 7 firmware/9.0
- canonical/siemens simatic pcs 7
- canonical/siemens simatic pdm firmware
- canonical/siemens simatic pdm
- canonical/siemens simatic step 7 firmware
- version/siemens simatic step 7 firmware/5.0
- canonical/siemens simatic step 7
- canonical/siemens sinamics starter firmware
- version/siemens sinamics starter firmware/5.4
- version/siemens sinamics starter firmware/5.4-hf1
- version/siemens sinamics starter firmware/5.4-hf2
- version/siemens sinamics starter firmware/5.4-sp1
- version/siemens sinamics starter firmware/5.4-sp1_hf1
- version/siemens sinamics starter firmware/5.4-sp2
- canonical/siemens sinamics starter