CVE-2021-27395
HIGHSIMATIC Process Historian <2013-2020 - Info Disclosure
Title source: llmDescription
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf
Scores
CVSS v3
8.1
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (4)
siemens/simatic_process_historian_2013
siemens/simatic_process_historian_2014
(4 CPE variants)
siemens/simatic_process_historian_2019
siemens/simatic_process_historian_2020
Published
Oct 12, 2021
Tracked Since
Feb 18, 2026