CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40366

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.8%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 5.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf

Products affected by CVE-2021-40366

Siemens » Climatix Pol909 » Version: N/A

cpe:2.3:h:siemens:climatix_pol909:-
Siemens » Climatix Pol909 Firmware » Version: Any

cpe:2.3:o:siemens:climatix_pol909_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40366

Products

Pricing

Contact Us