CVE-2021-27395
Summary
| CVE | CVE-2021-27395 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-12 10:15:00 UTC |
| Updated | 2021-10-19 01:11:00 UTC |
| Description | A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siemens | Simatic Process Historian 2013 | All | All | All | All |
| Application | Siemens | Simatic Process Historian 2014 | - | sp1 | All | All |
| Application | Siemens | Simatic Process Historian 2014 | - | sp2 | All | All |
| Application | Siemens | Simatic Process Historian 2014 | - | sp3 | All | All |
| Application | Siemens | Simatic Process Historian 2014 | - | sp3_update4 | All | All |
| Application | Siemens | Simatic Process Historian 2019 | All | All | All | All |
| Application | Siemens | Simatic Process Historian 2020 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf | MISC | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.