Information disclosure in Siemens SIPROTEC 5 Devices



Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2021-41769
CWE-ID: CWE-20
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Category (all products): Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPROTEC 5 6MD85 devices (CPU variant CP300)
SIPROTEC 5 6MD89 devices (CPU variant CP300)
SIPROTEC 5 6MU85 devices (CPU variant CP300)
SIPROTEC 5 7KE85 devices (CPU variant CP300)
SIPROTEC 5 7SA82 devices (CPU variant CP100)
SIPROTEC 5 7SA86 devices (CPU variant CP300)
SIPROTEC 5 7SA87 devices (CPU variant CP300)
SIPROTEC 5 7SD82 devices (CPU variant CP100)
SIPROTEC 5 7SD86 devices (CPU variant CP300)
SIPROTEC 5 7SD87 devices (CPU variant CP300)
SIPROTEC 5 7SJ81 devices (CPU variant CP100)
SIPROTEC 5 7SJ82 devices (CPU variant CP100)
SIPROTEC 5 7SJ85 devices (CPU variant CP300)
SIPROTEC 5 7SJ86 devices (CPU variant CP300)
SIPROTEC 5 7SK82 devices (CPU variant CP100)
SIPROTEC 5 7SK85 devices (CPU variant CP300)
SIPROTEC 5 7SL82 devices (CPU variant CP100)
SIPROTEC 5 7SL86 devices (CPU variant CP300)
SIPROTEC 5 7SL87 devices (CPU variant CP300)
SIPROTEC 5 7SS85 devices (CPU variant CP300)
SIPROTEC 5 7ST85 devices (CPU variant CP300)
SIPROTEC 5 7SX85 devices (CPU variant CP300)
SIPROTEC 5 7UM85 devices (CPU variant CP300)
SIPROTEC 5 7UT82 devices (CPU variant CP100)
SIPROTEC 5 7UT85 devices (CPU variant CP300)
SIPROTEC 5 7UT86 devices (CPU variant CP300)
SIPROTEC 5 7UT87 devices (CPU variant CP300)
SIPROTEC 5 7VE85 devices (CPU variant CP300)
SIPROTEC 5 7VK87 devices (CPU variant CP300)
SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)

Vendor: Siemens

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU59673

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41769

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the web server. A remote attacker on the local network can pass specially crafted input to the application and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SIPROTEC 5 6MD85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 6MD89 devices (CPU variant CP300): before 8.83

SIPROTEC 5 6MU85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7KE85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SA82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SA86 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SA87 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SD82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SD86 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SD87 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SJ81 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SJ82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SJ85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SJ86 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SK82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SK85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SL82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7SL86 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SL87 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SS85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7ST85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7SX85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7UM85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7UT82 devices (CPU variant CP100): before 8.83

SIPROTEC 5 7UT85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7UT86 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7UT87 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7VE85 devices (CPU variant CP300): before 8.83

SIPROTEC 5 7VK87 devices (CPU variant CP300): before 8.83

SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050): before 8.83

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
