high
7.8
CWE
284
Advisory Published
Updated

CVE-2021-42029

First published: Tue Apr 12 2022(Updated: )

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens SIMATIC STEP 7 V5>=15<16
Siemens SIMATIC STEP 7 V5=16
Siemens SIMATIC STEP 7 V5=16-update1
Siemens SIMATIC STEP 7 V5=16-update2
Siemens SIMATIC STEP 7 V5=16-update3
Siemens SIMATIC STEP 7 V5=16-update4
Siemens SIMATIC STEP 7 V5=17
Siemens SIMATIC STEP 7 V5=17-update1
Siemens SIMATIC S7-1200 CPU
siemens simatic s7-1200 cpu 1211c
siemens simatic s7-1200 cpu 1212c
siemens simatic s7-1200 cpu 1212fc
siemens simatic s7-1200 cpu 1214 fc
Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC
siemens simatic s7-1200 cpu 1214fc
siemens simatic s7-1200 cpu 1215 fc
Siemens CPU 1215C
siemens simatic s7-1200 cpu 1215fc
siemens simatic s7-1200 cpu 1217c
Siemens Simatic S7-1500
Siemens Simatic S7-1500
siemens simatic s7-1500 cpu 1507s f
Siemens Simatic S7-1500
siemens simatic s7-1500 cpu 1508s f
siemens simatic s7-1500 cpu 1510sp
siemens simatic s7-1500 cpu 1510sp-1
Siemens Simatic S7-1500
siemens SIMATIC S7-1500 CPU 1511-1 PN
siemens SIMATIC S7-1500 CPU 1511c
siemens simatic s7-1500 cpu 1511c-1
siemens simatic s7-1500 cpu 1511f-1
siemens SIMATIC S7-1500 CPU 1511f-1 PN
siemens simatic s7-1500 cpu 1511t-1
siemens simatic s7-1500 cpu 1511tf-1
Siemens Simatic S7-1500
siemens simatic s7-1500 cpu 1512c-1
siemens simatic s7-1500 cpu 1512sp-1
siemens simatic s7-1500 cpu 1512spf-1
siemens simatic s7-1500 cpu 1513-1
siemens SIMATIC S7-1500 CPU 1513-1 PN
siemens simatic s7-1500 cpu 1513f-1
siemens SIMATIC S7-1500 CPU 1513f-1 PN
siemens simatic s7-1500 cpu 1513r-1
Siemens Simatic S7-1500
siemens SIMATIC S7-1500 CPU 1515-2 PN
siemens simatic s7-1500 cpu 1515f-2
siemens SIMATIC S7-1500 CPU 1515f-2 PN
siemens simatic s7-1500 cpu 1515r-2
siemens simatic s7-1500 cpu 1515t-2
siemens simatic s7-1500 cpu 1515tf-2
siemens simatic s7-1500 cpu 1516-3
siemens simatic s7-1500 cpu 1516-3 dp
siemens simatic s7-1500 cpu 1516-3 pn
siemens SIMATIC S7-1500 CPU 1516-3 pn\/dp
siemens simatic s7-1500 cpu 1516f-3
siemens SIMATIC S7-1500 CPU 1516f-3 pn\/dp
siemens simatic s7-1500 cpu 1516pro-2
siemens simatic s7-1500 cpu 1516pro f
siemens simatic s7-1500 cpu 1516t-3
siemens simatic s7-1500 cpu 1516tf-3
siemens simatic s7-1500 cpu 1517-3
siemens simatic s7-1500 cpu 1517-3 dp
siemens simatic s7-1500 cpu 1517-3 pn
siemens SIMATIC S7-1500 CPU 1517-3 pn\/dp
siemens simatic s7-1500 cpu 1517f-3
siemens SIMATIC S7-1500 CPU 1517f-3 pn\/dp
siemens simatic s7-1500 cpu 1517tf-3
Siemens Simatic S7-1500
siemens simatic s7-1500 cpu 1518-4
siemens simatic s7-1500 cpu 1518-4 dp
siemens simatic s7-1500 cpu 1518-4 pn
siemens SIMATIC S7-1500 CPU 1518-4 pn\/dp
siemens simatic s7-1500 cpu 1518-4 pn\/dp mfp
siemens simatic s7-1500 cpu 1518f-4
siemens SIMATIC S7-1500 CPU 1518f-4 pn\/dp
siemens simatic s7-1500 cpu 1518hf-4
siemens simatic s7-1500 cpu 1518t-4
siemens simatic s7-1500 cpu 1518tf-4

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-42029?

    CVE-2021-42029 has been assigned a medium severity rating due to its potential for privilege escalation.

  • How do I fix CVE-2021-42029?

    To remediate CVE-2021-42029, update your SIMATIC STEP 7 (TIA Portal) to version 16 Update 5 or later, or to version 17 Update 2 or later.

  • Which versions are affected by CVE-2021-42029?

    CVE-2021-42029 affects SIMATIC STEP 7 (TIA Portal) versions 15, and versions 16 before Update 5, as well as versions 17 before Update 2.

  • What are the potential impacts of CVE-2021-42029?

    CVE-2021-42029 could allow an attacker to gain unauthorized access and perform actions at a higher privilege level on the web server of affected devices.

  • Are there any workarounds for CVE-2021-42029?

    Temporary mitigation for CVE-2021-42029 involves limiting access to the web server and implementing network segmentation controls.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203