CVE-2021-27395

Summary

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC Process Historian 2013 and earlierAll versionsaffected
SiemensSIMATIC Process Historian 2014All versions < SP3 Update 6affected
SiemensSIMATIC Process Historian 2019All versionsaffected
SiemensSIMATIC Process Historian 2020All versionsaffected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References