CVE-2021-44222
Published on: Not Yet Published
Last Modified on: 07/15/2022 07:01:00 PM UTC
Certain versions of Simatic Easie Core Package from Siemens contain the following vulnerability:
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
- CVE-2021-44222 has been assigned by
[email protected] to track the vulnerability - currently rated as CRITICAL severity.
- Affected Vendor/Software:
Siemens - SIMATIC eaSie Core Package version All versions < V22.00
CVSS3 Score: 9.1 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | NONE |
CVSS2 Score: 6.4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
cert-portal.siemens.com application/pdf |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Siemens | Simatic Easie Core Package | All | All | All | All |
- cpe:2.3:a:siemens:simatic_easie_core_package:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-44222 : A vulnerability has been identified in SIMATIC eaSie Core Package All versions < V22.00 . The und… twitter.com/i/web/status/1… | 2022-07-12 10:24:37 |
![]() |
CVE-2021-44222 | 2022-07-12 11:39:02 |