CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-42022

A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 3.5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf

Products affected by CVE-2021-42022

Siemens » Simatic Easie Pcs 7 Skill » Version: 20.07

cpe:2.3:a:siemens:simatic_easie_pcs_7_skill:20.07
Siemens » Simatic Easie Pcs 7 Skill » Version: 21.00

cpe:2.3:a:siemens:simatic_easie_pcs_7_skill:21.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42022

Products

Pricing

Contact Us