high
7.8
CWE
284
Advisory Published
Updated

CVE-2021-42029

First published: Tue Apr 12 2022(Updated: )

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens SIMATIC STEP 7>=15<16
Siemens SIMATIC STEP 7=16
Siemens SIMATIC STEP 7=16-update1
Siemens SIMATIC STEP 7=16-update2
Siemens SIMATIC STEP 7=16-update3
Siemens SIMATIC STEP 7=16-update4
Siemens SIMATIC STEP 7=17
Siemens SIMATIC STEP 7=17-update1
Siemens Simatic S7-1200 Cpu
Siemens Simatic S7-1200 Cpu 1211c
Siemens Simatic S7-1200 Cpu 1212c
Siemens Simatic S7-1200 Cpu 1212fc
Siemens Simatic S7-1200 Cpu 1214 Fc
Siemens Simatic S7-1200 Cpu 1214c
Siemens Simatic S7-1200 Cpu 1214fc
Siemens Simatic S7-1200 Cpu 1215 Fc
Siemens Simatic S7-1200 Cpu 1215c
Siemens Simatic S7-1200 Cpu 1215fc
Siemens Simatic S7-1200 Cpu 1217c
Siemens Simatic S7-1500 Cpu
Siemens Simatic S7-1500 Cpu 1507s
Siemens Simatic S7-1500 Cpu 1507s F
Siemens Simatic S7-1500 Cpu 1508s
Siemens Simatic S7-1500 Cpu 1508s F
Siemens Simatic S7-1500 Cpu 1510sp
Siemens Simatic S7-1500 Cpu 1510sp-1
Siemens Simatic S7-1500 Cpu 1511-1
Siemens Simatic S7-1500 Cpu 1511-1 Pn
Siemens Simatic S7-1500 Cpu 1511c
Siemens Simatic S7-1500 Cpu 1511c-1
Siemens Simatic S7-1500 Cpu 1511f-1
Siemens Simatic S7-1500 Cpu 1511f-1 Pn
Siemens Simatic S7-1500 Cpu 1511t-1
Siemens Simatic S7-1500 Cpu 1511tf-1
Siemens Simatic S7-1500 Cpu 1512c
Siemens Simatic S7-1500 Cpu 1512c-1
Siemens Simatic S7-1500 Cpu 1512sp-1
Siemens Simatic S7-1500 Cpu 1512spf-1
Siemens Simatic S7-1500 Cpu 1513-1
Siemens Simatic S7-1500 Cpu 1513-1 Pn
Siemens Simatic S7-1500 Cpu 1513f-1
Siemens Simatic S7-1500 Cpu 1513f-1 Pn
Siemens Simatic S7-1500 Cpu 1513r-1
Siemens Simatic S7-1500 Cpu 1515-2
Siemens Simatic S7-1500 Cpu 1515-2 Pn
Siemens Simatic S7-1500 Cpu 1515f-2
Siemens Simatic S7-1500 Cpu 1515f-2 Pn
Siemens Simatic S7-1500 Cpu 1515r-2
Siemens Simatic S7-1500 Cpu 1515t-2
Siemens Simatic S7-1500 Cpu 1515tf-2
Siemens Simatic S7-1500 Cpu 1516-3
Siemens Simatic S7-1500 Cpu 1516-3 Dp
Siemens Simatic S7-1500 Cpu 1516-3 Pn
Siemens Simatic S7-1500 Cpu 1516-3 Pn\/dp
Siemens Simatic S7-1500 Cpu 1516f-3
Siemens Simatic S7-1500 Cpu 1516f-3 Pn\/dp
Siemens Simatic S7-1500 Cpu 1516pro-2
Siemens Simatic S7-1500 Cpu 1516pro F
Siemens Simatic S7-1500 Cpu 1516t-3
Siemens Simatic S7-1500 Cpu 1516tf-3
Siemens Simatic S7-1500 Cpu 1517-3
Siemens Simatic S7-1500 Cpu 1517-3 Dp
Siemens Simatic S7-1500 Cpu 1517-3 Pn
Siemens Simatic S7-1500 Cpu 1517-3 Pn\/dp
Siemens Simatic S7-1500 Cpu 1517f-3
Siemens Simatic S7-1500 Cpu 1517f-3 Pn\/dp
Siemens Simatic S7-1500 Cpu 1517tf-3
Siemens Simatic S7-1500 Cpu 1518
Siemens Simatic S7-1500 Cpu 1518-4
Siemens Simatic S7-1500 Cpu 1518-4 Dp
Siemens Simatic S7-1500 Cpu 1518-4 Pn
Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp
Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp
Siemens Simatic S7-1500 Cpu 1518f-4
Siemens Simatic S7-1500 Cpu 1518f-4 Pn\/dp
Siemens Simatic S7-1500 Cpu 1518hf-4
Siemens Simatic S7-1500 Cpu 1518t-4
Siemens Simatic S7-1500 Cpu 1518tf-4

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203