SB2021071421 - Incorrect permission assignment for critical resource in Siemens SIMATIC Software Products
Published: July 14, 2021
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-31894)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incorrect permission assignment for a critical resource. A local user can change the content of certain metafiles and subsequently manipulate parameters or the behavior of devices that are later configured by the affected software.
Remediation
Install the update from the vendor's website.