CVE-2021-37206

Summary

CVE	CVE-2021-37206
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-09-14 11:15:00 UTC
Updated	2021-12-14 20:30:00 UTC
Description	A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp050	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp100	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp200	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp300	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf	MISC	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590695 Siemens SIPROTEC 5 (Update A) Vulnerability (ICSA-21-257-16)