CVE-2021-44222

CRITICAL

SIMATIC eaSie Core Package < 22.00 - Unauthenticated MQTT Service Request Injection

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf

Scores

CVSS v3 9.1
EPSS 0.0041
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-306
Status published
Products (1)
siemens/simatic_easie_core_package < 22.00
Published Jul 12, 2022
Tracked Since Feb 18, 2026