Vulnerabilities > CVE-2021-27395 - Unspecified vulnerability in Siemens products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

NVD

Published: 2021-10-12

Updated: 2024-11-21

Summary

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic Process Historian 2014 - Siemens Simatic Process Historian 2019 * Siemens Simatic Process Historian 2020 * Siemens Simatic Process Historian 2013 *	7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf