QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-42029

Back to search

CVE-2021-42029

Published: Apr 12, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

VendorProductVersions

Siemens

SIMATIC STEP 7 (TIA Portal) V15

affected
All versions

Siemens

SIMATIC STEP 7 (TIA Portal) V16

affected
All versions < V16 Update 5

Siemens

SIMATIC STEP 7 (TIA Portal) V17

affected
All versions < V17 Update 2

Weaknesses (CWE)

CWE-284

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now