CVE-2021-31337

2021-06-2812:24:58

CWE-306

siemens

www.cve.org

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

CNA Affected

[
  {
    "product": "SINAMICS Medium Voltage Products",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-131-04