CVE-2021-42029
HIGH
SIMATIC STEP 7 V15, V16 < Update 5, V17 < Update 2 - Privilege Escalation via Web Server Access
Title source: llmDescription
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to an improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (3)
siemens/simatic_step_7
16 (5 CPE variants)
siemens/simatic_step_7
17 (2 CPE variants)
siemens/simatic_step_7
15 - 16
Published
Apr 12, 2022
Tracked Since
Feb 18, 2026