Missing Authentication for Critical Function in SIMATIC eaSie Core Package

#VU65286 Missing Authentication for Critical Function in SIMATIC eaSie Core Package

Published: 2022-07-13 | Updated: 2022-07-14

Vulnerability identifier: #VU65286

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44222

CWE-ID: CWE-306

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC eaSie Core Package
Other software / Other software solutions

Vendor:

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the underlying MQTT service does not perform authentication in the default configuration. A remote attacker can send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdficsa-22-195-15

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SIMATIC eaSie Core Package