Data Transmission Vulnerability in Climatix POL909 by Siemens
CVE-2021-40366

7.4HIGH

Key Information:

Vendor

Siemens
Status
Climatix Pol909 (awb Module)
Climatix Pol909 (awm Module)
Vendor
CVE Published:
9 November 2021

What is CVE-2021-40366?

A vulnerability exists in the Climatix POL909 devices where the web server transmits sensitive data, including administrator credentials, without TLS encryption. This exposes the data to potential interception and alteration by unauthenticated remote attackers positioned in a man-in-the-middle attack scenario, compromising the integrity and confidentiality of the communication.

Affected Version(s)

Climatix POL909 (AWB module) All versions < V11.42

Climatix POL909 (AWM module) All versions < V11.34

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70371...
x_refsource_MISC

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.