V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2021-25661
CVE
High

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upda…

CVSS
7.5
High
EPSS
0.01
p62
Published
2021-01-01
Updated
2021-01-01
Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.

Tags · CWE
Pre-auth
CWE-788
Affected products
Simatic_wincc_runtime_advanced < 16Simatic_wincc_runtime_advanced
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.011 · p62
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Siemens
Simatic Wincc Runtime AdvancedSimatic Hmi Ktp Mobile Panels Ktp400fSimatic Hmi Ktp Mobile Panels Ktp400f FirmwareSimatic Hmi Ktp Mobile Panels Ktp700Simatic Hmi Ktp Mobile Panels Ktp700 FirmwareSimatic Hmi Ktp Mobile Panels Ktp700fSimatic Hmi Ktp Mobile Panels Ktp700f FirmwareSimatic Hmi Ktp Mobile Panels Ktp900Simatic Hmi Ktp Mobile Panels Ktp900 FirmwareSimatic Hmi Ktp Mobile Panels Ktp900f+9
ProductVendorStatus
simatic_hmi_comfort_outdoor_panels_15"_firmware*Tracked
simatic_hmi_comfort_outdoor_panels_15"_firmware*Tracked
simatic_hmi_comfort_outdoor_panels_7"_firmware*Tracked
simatic_hmi_comfort_outdoor_panels_7"_firmware*Tracked
simatic_hmi_comfort_panels_22"_firmware*Tracked
simatic_hmi_comfort_panels_22"_firmware*Tracked
simatic_hmi_comfort_panels_4"_firmware*Tracked
simatic_hmi_comfort_panels_4"_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp400f_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp400f_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp700_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp700_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp700f_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp700f_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp900_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp900_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp900f_firmware*Tracked
simatic_hmi_ktp_mobile_panels_ktp900f_firmware*Tracked
simatic_wincc_runtime_advanced*Tracked
simatic_wincc_runtime_advanced*Tracked
Source databases
CVE