Vulnerabilities > CVE-2021-44165 - Stack-based Buffer Overflow vulnerability in Siemens products

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

siemens

CWE-121

critical

NVD

Published: 2021-12-14

Updated: 2021-12-16

Summary

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens 7Kg9501 0Aa01 2Aa1 Firmware - Siemens 7Kg9501 0Aa31 0Aa1 Firmware - Siemens 7Kg9501 0Aa31 2Aa1 Firmware - Siemens 7Kg9501 0Aa01 0Aa1 Firmware -	4
Hardware	Siemens Siemens 7Kg9501 0Aa01 2Aa1 - Siemens 7Kg9501 0Aa31 0Aa1 - Siemens 7Kg9501 0Aa31 2Aa1 - Siemens 7Kg9501 0Aa01 0Aa1 -	4

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf