CVE-2021-40366

7.4HIGH

Key Information:

Vendor: Siemens
Status: Climatix Pol909 (awb Module); Climatix Pol909 (awm Module)
Vendor: CVE Published:; 9 November 2021

Summary

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

Affected Version(s)

Climatix POL909 (AWB module) All versions < V11.42

Climatix POL909 (AWM module) All versions < V11.34

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70371...

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Sep 1, 2021