CVE-2021-25662 vulnerability in Siemens Products
Published on May 12, 2021

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.

NVD

Vulnerability Analysis

CVE-2021-25662 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Products Associated with CVE-2021-25662

stack.watch emails you whenever new vulnerabilities are published in Siemens Simatic Wincc Runtime Advanced or Siemens Simatic Wincc. Just hit a watch button to start following.

Siemens Simatic Wincc Runtime Advanced

Siemens Simatic Wincc

Affected Versions

Siemens SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants):

Version All versions < V15.1 Update 6 is affected.

Siemens SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants):

Version All versions < V16 Update 4 is affected.

Siemens SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants):

Version All versions < V15.1 Update 6 is affected.

Siemens SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants):

Version All versions < V16 Update 4 is affected.

Siemens SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F:

Version All versions < V15.1 Update 6 is affected.

Siemens SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F:

Version All versions < V16 Update 4 is affected.

Siemens SIMATIC WinCC Runtime Advanced V15:

Version All versions < V15.1 Update 6 is affected.

Siemens SIMATIC WinCC Runtime Advanced V16:

Version All versions < V16 Update 4 is affected.

Exploit Probability

EPSS

0.74%

Percentile

73.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-25662 vulnerability in Siemens ProductsPublished on May 12, 2021

Vulnerability Analysis

Weakness Type

Improper Handling of Exceptional Conditions

Products Associated with CVE-2021-25662

Affected Versions

Exploit Probability

CVE-2021-25662 vulnerability in Siemens Products
Published on May 12, 2021