Information Disclosure Vulnerability in Siemens SIMATIC CP 1543-1 and CP 1545-1
CVE-2021-33716

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cp 1543-1 (incl. Siplus Variants); Simatic Cp 1545-1
Vendor: CVE Published:; 14 September 2021

Summary

A vulnerability exists in the Siemens SIMATIC CP 1543-1 and CP 1545-1 devices, where sensitive information may be exposed in cleartext. An attacker with local access to the affected device's subnet can exploit this vulnerability, potentially leading to unauthorized information retrieval. The issue affects all versions of SIMATIC CP 1543-1 prior to V3.0 and all versions of SIMATIC CP 1545-1 prior to V1.1. Users are encouraged to review the affected versions and consider applying security measures to mitigate potential risks.

Affected Version(s)

SIMATIC CP 1543-1 (incl. SIPLUS variants) All versions < V3.0

SIMATIC CP 1545-1 All versions < V1.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-53599...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
May 28, 2021