Unrated severityNVD Advisory· Published Jul 13, 2021· Updated Aug 3, 2024

CVE-2021-31893

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

Affected products

Siemens Foundation/SIMATIC PDMllm-fuzzy
Range: < V9.2
Siemens Foundation/SIMATIC STEP7llm-fuzzy2 versions
< V5.6 SP2 HF3+ 1 more
- (no CPE)range: < V5.6 SP2 HF3
- (no CPE)range: All versions < V5.6 SP2 HF3
Siemens Foundation/SINAMICS STARTERllm-fuzzy
Range: < V5.4 HF2
Siemens Foundation/Simatic Pcs7llm-fuzzy3 versions
<= V8.2 (all), < V9.0 SP3 (V9.0)+ 2 more
- (no CPE)range: <= V8.2 (all), < V9.0 SP3 (V9.0)
- (no CPE)range: All versions < V9.0 SP3
- (no CPE)range: All versions < V9.2
Siemens/SIMATIC PCS 7 V8.2 and earlierv5
Range: All versions
Siemens/SINAMICS STARTER (containing STEP 7 OEM version)v5
Range: All versions < V5.4 HF2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-641963.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000