CVE-2021-20093 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
tenable	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
wibu	codemeter	𝑥 ≤ 7.21a
siemens	pss_cape	-
siemens	sicam_230_firmware	*
siemens	simatic_pcs_neo	𝑥 < 3.1
siemens	simatic_wincc_oa	3.17
siemens	simatic_wincc_oa	3.18
siemens	simit_simulation_platform	10.0 ≤ 𝑥 < 10.3
siemens	simit_simulation_platform	10.3
siemens	sinec_infrastructure_network_services	𝑥 < 1.0.1.1
siemens	sinec_infrastructure_network_services	1.0.1
siemens	sinema_remote_connect_server	𝑥 < 3.0
siemens	sinema_remote_connect_server	3.0
siemens	sinema_remote_connect_server	3.0:sp1
siemens	simatic_process_historian	2019 ≤ 𝑥 < 2020

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02

https://www.tenable.com/security/research/tra-2021-24

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02

https://www.tenable.com/security/research/tra-2021-24