CVE-2021-31337

Summary

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Affected Software

VendorProductVersion RangeStatus
n/aSINAMICS Medium Voltage ProductsSINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versionsaffected

Weaknesses

  • CWE-306: MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

ADP Enrichment

CVE Program Container

Additional References

References