CVE-2021-27395
moderate-risk
Published 2021-10-12
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.
Do I need to act?
-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ LOW complexity
Affected Products (7)
Simatic Process Historian 2013
Simatic Process Historian 2014
Simatic Process Historian 2014
Simatic Process Historian 2014
Simatic Process Historian 2014
Simatic Process Historian 2019
Simatic Process Historian 2020
Affected Vendors
References (2)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
43
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate