#VU53224 Missing Authentication for Critical Function in Siemens products - CVE-2021-31337
Published: May 13, 2021
Vulnerability identifier: #VU53224
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-31337
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SINAMICS SL150
SINAMICS SM150
SINAMICS SM150i
SIMATIC HMI KTP Mobile Panels
SIMATIC HMI Comfort Panels
SINAMICS SL150
SINAMICS SM150
SINAMICS SM150i
SIMATIC HMI KTP Mobile Panels
SIMATIC HMI Comfort Panels
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the Telnet service of the SIMATIC HMI Comfort Panels system component does not require authentication. A remote attacker can gain access to the device.
Remediation
Install updates from vendor's website.