Vulnerability in Siemens Simatic Pcs 7 V8.2 And Earlier

CVE-2021-31894

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (contain…

EPSS: 0.000 (8.7th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic Pcs 7 V8.2 And Earlier — versions All versions
Siemens Simatic Pcs 7 V9.x — versions All versions < V9.1 SP2
Siemens Simatic Pdm — versions All versions < V9.2 SP2
Siemens Simatic Step 7 V5.x — versions All versions < V5.7
Siemens Sinamics Starter (Containing Step 7 Oem Version) — versions All versions < V5.4 SP2 HF1

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf (x_refsource_MISC)