#VU56637 Cleartext storage of sensitive information in SIMATIC NET CP 1545-1 and SIMATIC CP 1543-1 - CVE-2021-33716

Cybersecurity Help s.r.o.

Published: 2021-09-16

Vulnerability identifier: #VU56637

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33716

CWE-ID: CWE-312

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
SIMATIC NET CP 1545-1
Hardware solutions / Firmware
SIMATIC CP 1543-1
Hardware solutions / Firmware

Vendor: Siemens

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the storage of sensitive information in plain-text. A remote attacker on the local network can retrieve sensitive information stored in cleartext.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SIMATIC NET CP 1545-1: All versions

SIMATIC CP 1543-1: before 3.0

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Cleartext storage of sensitive information in Siemens SIMATIC CP