CVE-2021-31893

13.07.2021, 11:15

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Vendor	Product	Version
siemens	simatic_pcs_firmware	𝑥 ≤ 8.2
siemens	simatic_pcs_firmware	9.0
siemens	simatic_pcs_firmware	9.0:sp1
siemens	simatic_pcs_firmware	9.0:sp2
siemens	simatic_pdm_firmware	𝑥 < 9.2
siemens	simatic_step_7_firmware	𝑥 ≤ 5.6
siemens	sinamics_starter_firmware	𝑥 < 5.4
siemens	sinamics_starter_firmware	5.4
siemens	sinamics_starter_firmware	5.4:hotfix_1
siemens	sinamics_starter_firmware	5.4:hotfix_2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf