Lucene search

SiemensCVELIST:CVE-2021-40366

HistoryNov 09, 2021 - 11:32 a.m.

CVE-2021-40366

2021-11-0911:32:07

CWE-311

siemens

www.cve.org

climatix pol909

web server

tls encryption

remote attacker

man-in-the-middle

sensitive data

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

CNA Affected

[
  {
    "product": "Climatix POL909 (AWB module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.42"
      }
    ]
  },
  {
    "product": "Climatix POL909 (AWM module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.34"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf