CVE-2021-37172
First published: Tue Aug 10 2021(Updated: )
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic S7-1200 Cpu Firmware | =4.5.0 | |
| Siemens Cpu 1211c | ||
| Siemens Cpu 1212c | ||
| Siemens Cpu 1212fc | ||
| Siemens Cpu 1214c | ||
| Siemens Cpu 1214fc | ||
| Siemens Cpu 1215c | ||
| Siemens Cpu 1215fc | ||
| Siemens Cpu 1217c | ||
| Siemens Simatic Step 7 \(tia Portal\) | <=13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-37172.
What is the severity of CVE-2021-37172?
The severity of CVE-2021-37172 is high with a CVSS score of 7.5.
Which devices are affected by CVE-2021-37172?
The SIMATIC S7-1200 CPU family (incl. SIPLUS variants) with firmware version 4.5.0 is affected.
How does CVE-2021-37172 impact the affected devices?
Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13.
Is there a fix available for CVE-2021-37172?
Siemens has released a security advisory with recommended mitigations for CVE-2021-37172. Please refer to their official documentation for more details.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/siemens
- canonical/siemens simatic s7-1200 cpu firmware
- version/siemens simatic s7-1200 cpu firmware/4.5.0
- canonical/siemens cpu 1211c
- canonical/siemens cpu 1212c
- canonical/siemens cpu 1212fc
- canonical/siemens cpu 1214c
- canonical/siemens cpu 1214fc
- canonical/siemens cpu 1215c
- canonical/siemens cpu 1215fc
- canonical/siemens cpu 1217c
- canonical/siemens simatic step 7 \(tia portal\)
- version/siemens simatic step 7 \(tia portal\)/13.0