CVE-2021-31893

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

Published: Jul 13, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31893
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
siemens / simatic_pcs_firmware	-	8.2.x
siemens / simatic_pcs_firmware	9.0-sp1	9.0-sp1.x
siemens / simatic_pcs_firmware	9.0-sp2	9.0-sp2.x
siemens / simatic_pcs_firmware	9.0	9.0.x
siemens / simatic_pdm_firmware	-	9.2
siemens / simatic_step_7_firmware	-	5.6.x
siemens / sinamics_starter_firmware	-	5.4
siemens / sinamics_starter_firmware	5.4	5.4.x
siemens / sinamics_starter_firmware	5.4-hotfix_2	5.4-hotfix_2.x
siemens / sinamics_starter_firmware	5.4-hotfix_1	5.4-hotfix_1.x

https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf

Vulnerability Database

289,599

CVE-2021-31893