{"containers": {"cna": {"affected": [{"product": "SIMATIC PCS 7 V8.2", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC PCS 7 V9.0", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC PCS 7 V9.1", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V9.1 SP1"}]}, {"product": "SIMATIC WinCC V15 and earlier", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V15 SP1 Update 7"}]}, {"product": "SIMATIC WinCC V16", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V16 Update 5"}]}, {"product": "SIMATIC WinCC V17", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V17 Update 2"}]}, {"product": "SIMATIC WinCC V17", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions <= V17 Update 4"}]}, {"product": "SIMATIC WinCC V7.4", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V7.4 SP1 Update 19"}]}, {"product": "SIMATIC WinCC V7.5", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V7.5 SP2 Update 6"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-538", "description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T11:17:13", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-40363", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SIMATIC PCS 7 V8.2", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC PCS 7 V9.0", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC PCS 7 V9.1", "version": {"version_data": [{"version_value": "All versions < V9.1 SP1"}]}}, {"product_name": "SIMATIC WinCC V15 and earlier", "version": {"version_data": [{"version_value": "All versions < V15 SP1 Update 7"}]}}, {"product_name": "SIMATIC WinCC V16", "version": {"version_data": [{"version_value": "All versions < V16 Update 5"}]}}, {"product_name": "SIMATIC WinCC V17", "version": {"version_data": [{"version_value": "All versions < V17 Update 2"}]}}, {"product_name": "SIMATIC WinCC V17", "version": {"version_data": [{"version_value": "All versions <= V17 Update 4"}]}}, {"product_name": "SIMATIC WinCC V7.4", "version": {"version_data": [{"version_value": "All versions < V7.4 SP1 Update 19"}]}}, {"product_name": "SIMATIC WinCC V7.5", "version": {"version_data": [{"version_value": "All versions < V7.5 SP2 Update 6"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-40363", "datePublished": "2022-02-09T15:17:04", "dateReserved": "2021-09-01T00:00:00", "dateUpdated": "2022-08-10T11:17:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B62697B-2F75-44EA-A1F8-14BF9D1F99CC", "versionEndIncluding": "8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "0D25510C-F677-4A98-806C-FF644F11EEC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F39B396-140B-4005-9A61-F984C9FAF742", "versionEndExcluding": "7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*", "matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*", "matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*", "matchCriteriaId": "BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*", "matchCriteriaId": "88F6B3BF-727F-432E-89D8-37FB7C76FE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*", "matchCriteriaId": "62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*", "matchCriteriaId": "AF3F613C-6707-4517-B4B8-530C912B79E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*", "matchCriteriaId": "590F62CE-9245-4AC9-9FBC-35136E217B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update14:*:*:*:*:*:*", "matchCriteriaId": "3C5F5AD3-878D-42B0-B30E-8B0B6174486B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update15:*:*:*:*:*:*", "matchCriteriaId": "57F59EE1-46FC-4B94-AB30-F1D3235C5A1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update16:*:*:*:*:*:*", "matchCriteriaId": "BA774F51-885C-4579-982E-431A8AB027B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update17:*:*:*:*:*:*", "matchCriteriaId": "110DF98C-BE75-43B6-B63D-1D7D99AFFA73", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update18:*:*:*:*:*:*", "matchCriteriaId": "11F812DE-BF33-4CB0-8E21-81682E3B88CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*", "matchCriteriaId": "241D5A28-FB22-4C5B-A067-733168E847BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*", "matchCriteriaId": "A5418F92-84A9-439C-B86C-ED5820697603", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*", "matchCriteriaId": "40631FBD-116B-4589-B77A-6C5A69990F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*", "matchCriteriaId": "64B14972-6163-4D44-A9C6-16328E02AC69", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*", "matchCriteriaId": "8929E926-740F-4F17-B52C-4C73914B1818", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*", "matchCriteriaId": "D4F72666-D10A-4EB2-80D3-18B04C101256", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*", "matchCriteriaId": "0E343221-1E1A-4EE7-80AE-AB24E2244BA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*", "matchCriteriaId": "1BF716D7-0A77-400F-9B43-64FBE3E65735", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:update_1:*:*:*:*:*:*", "matchCriteriaId": "D0A0534C-8EDE-46FF-82A0-812CF069ABC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*", "matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "81F9C13C-065C-4E40-BB46-687D791348A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*", "matchCriteriaId": "5CF06E69-0A23-418D-B0EC-574DACBB4DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*", "matchCriteriaId": "9164EAC1-C416-4F1F-A910-CE84A167A6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "3422B714-DB0F-4EE3-A7D4-9A0165214563", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update1:*:*:*:*:*:*", "matchCriteriaId": "70B79B00-F61D-4F10-AD7B-74718F061D9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update2:*:*:*:*:*:*", "matchCriteriaId": "A8766442-CC8D-4221-89B8-F75D195F71E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update3:*:*:*:*:*:*", "matchCriteriaId": "26C08FB9-AFEB-4A53-AAB3-37C9717B30C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update4:*:*:*:*:*:*", "matchCriteriaId": "68896900-7FCC-4BFB-B787-8992B459F00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update5:*:*:*:*:*:*", "matchCriteriaId": "1059B529-02F0-4C85-A35E-2282546FA990", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*", "matchCriteriaId": "0D9FE447-2090-47D2-8667-5DC7605089BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*", "matchCriteriaId": "BB4FFADC-51F0-439F-9F80-D2B2614FFC39", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp2:*:*:*:*:*:*", "matchCriteriaId": "4C117FFB-A3FF-4E82-9CE9-B2DFFAF7D799", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE5A7162-F1B5-4E74-99D6-4108AC4C49FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15:*:*:*:*:*:*:*", "matchCriteriaId": "A961C560-0288-4BC7-B3EB-11610765A34A", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*", "matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*", "matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*", "matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*", "matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*", "matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_5:*:*:*:*:*:*", "matchCriteriaId": "E4D610DA-D1EF-487E-94CB-FC6E6BE4BE4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_6:*:*:*:*:*:*", "matchCriteriaId": "6BB49DC6-B8AB-4320-B5CB-8EB803D41194", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*", "matchCriteriaId": "A4316924-9EF8-4835-A2E4-0C81F4DE473D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update1:*:*:*:*:*:*", "matchCriteriaId": "A1011EBE-A08D-4066-A2B8-45736AE6999B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update2:*:*:*:*:*:*", "matchCriteriaId": "37284D6C-ADB9-43A9-817D-7879FDF8BF7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update3:*:*:*:*:*:*", "matchCriteriaId": "1DAD73CB-A027-4CEA-A439-A271717BBEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:update4:*:*:*:*:*:*", "matchCriteriaId": "150B957C-545F-4BD8-8AB9-E64ACC59C865", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:17:-:*:*:*:*:*:*", "matchCriteriaId": "C665E91E-DC56-41E0-99B4-ACFAA70B3103", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:17:update1:*:*:*:*:*:*", "matchCriteriaId": "BB46C8BD-942A-45DC-AA8A-C0D9418CA302", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones), SIMATIC PCS 7 V9.1 (Todas las versiones anteriores a V9. 1 SP1), SIMATIC WinCC V15 y anteriores (Todas las versiones anteriores a V15 SP1 Update 7), SIMATIC WinCC V16 (Todas las versiones anteriores a V16 Update 5), SIMATIC WinCC V17 (Todas las versiones anteriores a V17 Update 2), SIMATIC WinCC V17 (Todas las versiones anteriores a= V17 Update 4), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP2 Update 6). El componente afectado almacena las credenciales de una cuenta del sistema local en un archivo de proyecto potencialmente accesible al p\u00fablico utilizando un algoritmo de cifrado obsoleto. Un atacante puede usar esto para forzar las credenciales y tomar el control del sistema"}], "id": "CVE-2021-40363", "lastModified": "2022-10-06T16:46:47.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T16:15:13.877", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "productcert@siemens.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}