Vulnerability Details CVE-2021-31893
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2021-31893
- cpe:2.3:h:siemens:simatic_pcs:-
- cpe:2.3:h:siemens:simatic_pdm:-
- cpe:2.3:h:siemens:simatic_step_7:-
- cpe:2.3:h:siemens:sinamics_starter:-
- cpe:2.3:o:siemens:simatic_pcs_firmware:*
- cpe:2.3:o:siemens:simatic_pcs_firmware:9.0
- cpe:2.3:o:siemens:simatic_pdm_firmware:-
- cpe:2.3:o:siemens:simatic_pdm_firmware:9.1.0.7
- cpe:2.3:o:siemens:simatic_step_7_firmware:*
- cpe:2.3:o:siemens:sinamics_starter_firmware:-
- cpe:2.3:o:siemens:sinamics_starter_firmware:5.4