Wiz
Vulnerability DatabaseCVE-2021-42029

CVE-2021-42029
Siemens SIMATIC STEP 7 vulnerability analysis and mitigation

Overview

A vulnerability (CVE-2021-42029) was identified in SIMATIC STEP 7 (TIA Portal) affecting versions V15 (All versions), V16 (All versions < V16 Update 5), and V17 (All versions < V17 Update 2). The vulnerability was discovered and disclosed in October 2021, allowing attackers to achieve privilege escalation on the web server of certain devices due to improper access control in the engineering system software (MITRE CVE).

Technical details

The vulnerability stems from improper access control in the engineering system software of SIMATIC STEP 7 (TIA Portal). To exploit this vulnerability, an attacker needs to have direct access to the impacted web server. The vulnerability has been assigned CWE-284 (Improper Access Control) classification (NVD CNA Status).

Impact

If successfully exploited, this vulnerability allows attackers to achieve privilege escalation on the web server of affected devices, potentially gaining unauthorized access to system resources and functionalities (MITRE CVE).

Mitigation and workarounds

Siemens has released updates to address this vulnerability. Users should upgrade to SIMATIC STEP 7 (TIA Portal) V16 Update 5 or V17 Update 2 or later versions. These updates contain fixes for the improper access control vulnerability (MITRE CVE).

Additional resources

SourceThis report was generated using AI

Related Siemens SIMATIC STEP 7 vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-25910HIGH8.8
  • Siemens SIMATIC STEP 7Siemens SIMATIC STEP 7
  • cpe:2.3:a:siemens:simatic_step_7
NoYesJun 13, 2023
CVE-2022-45147HIGH8.5
  • Siemens SIMATIC STEP 7Siemens SIMATIC STEP 7
  • cpe:2.3:a:siemens:simatic_step_7
NoYesJul 09, 2024
CVE-2021-42029HIGH7.8
  • Siemens SIMATIC STEP 7Siemens SIMATIC STEP 7
  • cpe:2.3:a:siemens:simatic_step_7
NoNoApr 12, 2022
CVE-2023-32737HIGH7
  • Siemens SIMATIC STEP 7Siemens SIMATIC STEP 7
  • cpe:2.3:a:siemens:simatic_step_7
NoYesJul 09, 2024
CVE-2022-46141MEDIUM5.5
  • Siemens SIMATIC STEP 7Siemens SIMATIC STEP 7
  • cpe:2.3:a:siemens:simatic_step_7
NoYesDec 12, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo