CVE-2021-33719

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-33719
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp050:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*
History

16 Dec 2021, 18:25

Type Values Removed Values Added
CPE cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp200:*:*:*:*:*:*:*:*

12 Oct 2021, 10:15

Type Values Removed Values Added
Summary A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution. A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

28 Sep 2021, 16:57

Type Values Removed Values Added
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf - Patch, Vendor Advisory
CPE cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp050:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp200:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8

14 Sep 2021, 11:42

Type Values Removed Values Added
New CVE
Information

Published : 2021-09-14 11:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-33719

Mitre link : CVE-2021-33719

CVE.ORG link : CVE-2021-33719

JSON object : View

Products Affected

siemens

  • siprotec_5_with_cpu_variant_cp300
  • siprotec_5_with_cpu_variant_cp050
  • siprotec_5_with_cpu_variant_cp100
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')