CVE-2021-37172
HIGH
SIMATIC S7-1200 CPU Firmware V4.5.0 - Improper Authentication via TIA Portal V13
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf
Scores
CVSS v3
7.5
EPSS
0.0019
EPSS Percentile
40.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (2)
siemens/simatic_s7-1200_cpu_firmware
4.5.0
siemens/simatic_step_7_\(tia_portal\)
< 13.0
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026