CVE-2021-40358

Published Nov 9, 2021

Last updated 2 years ago

CVSS critical 9.9

Overview

Description: A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

productcert@siemens.com: CWE-22
nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4A75F15-8F47-4348-A85C-D94BBA8F9992"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D25510C-F677-4A98-806C-FF644F11EEC6"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F64B795A-7E66-49AE-BE40-E8EEAC12D280"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88F6B3BF-727F-432E-89D8-37FB7C76FE2B"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF3F613C-6707-4517-B4B8-530C912B79E6"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "590F62CE-9245-4AC9-9FBC-35136E217B0E"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C5F5AD3-878D-42B0-B30E-8B0B6174486B"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F59EE1-46FC-4B94-AB30-F1D3235C5A1D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA774F51-885C-4579-982E-431A8AB027B7"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "110DF98C-BE75-43B6-B63D-1D7D99AFFA73"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11F812DE-BF33-4CB0-8E21-81682E3B88CA"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "241D5A28-FB22-4C5B-A067-733168E847BF"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5418F92-84A9-439C-B86C-ED5820697603"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40631FBD-116B-4589-B77A-6C5A69990F73"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64B14972-6163-4D44-A9C6-16328E02AC69"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8929E926-740F-4F17-B52C-4C73914B1818"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4F72666-D10A-4EB2-80D3-18B04C101256"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E343221-1E1A-4EE7-80AE-AB24E2244BA0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF716D7-0A77-400F-9B43-64FBE3E65735"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A0534C-8EDE-46FF-82A0-812CF069ABC9"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F9C13C-065C-4E40-BB46-687D791348A9"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CF06E69-0A23-418D-B0EC-574DACBB4DD9"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9164EAC1-C416-4F1F-A910-CE84A167A6D1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3422B714-DB0F-4EE3-A7D4-9A0165214563"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70B79B00-F61D-4F10-AD7B-74718F061D9E"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8766442-CC8D-4221-89B8-F75D195F71E8"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26C08FB9-AFEB-4A53-AAB3-37C9717B30C5"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68896900-7FCC-4BFB-B787-8992B459F00D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A961C560-0288-4BC7-B3EB-11610765A34A"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4D610DA-D1EF-487E-94CB-FC6E6BE4BE4C"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BB49DC6-B8AB-4320-B5CB-8EB803D41194"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1011EBE-A08D-4066-A2B8-45736AE6999B"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37284D6C-ADB9-43A9-817D-7879FDF8BF7F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DAD73CB-A027-4CEA-A439-A271717BBEDD"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150B957C-545F-4BD8-8AB9-E64ACC59C865"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E848185-A7C7-4FD3-94DC-8D4092395752"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:17:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB46C8BD-942A-45DC-AA8A-C0D9418CA302"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References