User Account Password Hash Exposure in SIMATIC Products from Siemens
CVE-2021-40360

8.8HIGH

Key Information:

Vendor: Siemens
Status: Simatic Pcs 7 V8.2; Simatic Pcs 7 V9.0; Simatic Pcs 7 V9.1; Simatic Wincc V15 And Earlier
Vendor: CVE Published:; 9 February 2022

Summary

A security flaw has been detected in various versions of Siemens SIMATIC products, where the password hash of a local user account can be exposed via a public API. An attacker, with authentication privileges, can exploit this vulnerability to perform a brute force attack on the password hash, potentially gaining unauthorized access to the affected systems. This vulnerability could lead to significant risks in environments relying on these industrial control systems.

Affected Version(s)

SIMATIC PCS 7 V8.2 All versions

SIMATIC PCS 7 V9.0 All versions

SIMATIC PCS 7 V9.1 All versions < V9.1 SP1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-91416...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Sep 1, 2021