Vulnerabilities > CVE-2021-44165 - Stack-based Buffer Overflow vulnerability in Siemens products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-121

NVD

Published: 2021-12-14

Updated: 2021-12-16

Summary

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens 7Kg9501 0Aa01 2Aa1 Firmware - Siemens 7Kg9501 0Aa31 0Aa1 Firmware - Siemens 7Kg9501 0Aa31 2Aa1 Firmware - Siemens 7Kg9501 0Aa01 0Aa1 Firmware -	4
Hardware	Siemens Siemens 7Kg9501 0Aa01 2Aa1 - Siemens 7Kg9501 0Aa31 0Aa1 - Siemens 7Kg9501 0Aa31 2Aa1 - Siemens 7Kg9501 0Aa01 0Aa1 -	4

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf