Auth bypass in Siemens Simatic S7-1200 Cpu Family (Incl. Siplus Variants)

CVE-2021-37172

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker usin…

Vulnerability class: Broken Authentication

EPSS: 0.002 (40.3th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic S7-1200 Cpu Family (Incl. Siplus Variants) — versions V4.5.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf (x_refsource_MISC)