CVE-2021-41769

Description

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.47%
Vendor Advisory siemens.com
Affected: Siemens SIPROTEC 5 6MD85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 6MD86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 6MD89 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 6MU85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7KE85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SA82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SA86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SA87 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SD82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SD86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SD87 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SJ81 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SJ82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SJ85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SJ86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SK82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SK85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SL82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7SL86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SL87 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SS85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7ST85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7SX85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7UM85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7UT82 devices (CPU variant CP100)
Affected: Siemens SIPROTEC 5 7UT85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7UT86 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7UT87 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7VE85 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 7VK87 devices (CPU variant CP300)
Affected: Siemens SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)
Published at:
Updated at:

References

Link Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-41769?
CVE-2021-41769 has been scored as a high severity vulnerability.
How to fix CVE-2021-41769?
To fix CVE-2021-41769, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-41769 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-41769 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-41769?
CVE-2021-41769 affects Siemens SIPROTEC 5 6MD85 devices (CPU variant CP300), Siemens SIPROTEC 5 6MD86 devices (CPU variant CP300), Siemens SIPROTEC 5 6MD89 devices (CPU variant CP300), Siemens SIPROTEC 5 6MU85 devices (CPU variant CP300), Siemens SIPROTEC 5 7KE85 devices (CPU variant CP300), Siemens SIPROTEC 5 7SA82 devices (CPU variant CP100), Siemens SIPROTEC 5 7SA86 devices (CPU variant CP300), Siemens SIPROTEC 5 7SA87 devices (CPU variant CP300), Siemens SIPROTEC 5 7SD82 devices (CPU variant CP100), Siemens SIPROTEC 5 7SD86 devices (CPU variant CP300), Siemens SIPROTEC 5 7SD87 devices (CPU variant CP300), Siemens SIPROTEC 5 7SJ81 devices (CPU variant CP100), Siemens SIPROTEC 5 7SJ82 devices (CPU variant CP100), Siemens SIPROTEC 5 7SJ85 devices (CPU variant CP300), Siemens SIPROTEC 5 7SJ86 devices (CPU variant CP300), Siemens SIPROTEC 5 7SK82 devices (CPU variant CP100), Siemens SIPROTEC 5 7SK85 devices (CPU variant CP300), Siemens SIPROTEC 5 7SL82 devices (CPU variant CP100), Siemens SIPROTEC 5 7SL86 devices (CPU variant CP300), Siemens SIPROTEC 5 7SL87 devices (CPU variant CP300), Siemens SIPROTEC 5 7SS85 devices (CPU variant CP300), Siemens SIPROTEC 5 7ST85 devices (CPU variant CP300), Siemens SIPROTEC 5 7SX85 devices (CPU variant CP300), Siemens SIPROTEC 5 7UM85 devices (CPU variant CP300), Siemens SIPROTEC 5 7UT82 devices (CPU variant CP100), Siemens SIPROTEC 5 7UT85 devices (CPU variant CP300), Siemens SIPROTEC 5 7UT86 devices (CPU variant CP300), Siemens SIPROTEC 5 7UT87 devices (CPU variant CP300), Siemens SIPROTEC 5 7VE85 devices (CPU variant CP300), Siemens SIPROTEC 5 7VK87 devices (CPU variant CP300), Siemens SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.