Products

Solutions

Company

Book A Live Demo

CVE-2021-40363 : Security Advisory and Response

Learn about the CVE-2021-40363 affecting Siemens products like SIMATIC PCS 7 and SIMATIC WinCC. Understand the impact, affected versions, and mitigation steps.

This CVE-2021-40363 focuses on a vulnerability impacting multiple Siemens products.

Understanding CVE-2021-40363

This CVE involves the insertion of sensitive information into externally-accessible files or directories.

What is CVE-2021-40363?

A vulnerability has been found in various versions of Siemens products, including SIMATIC PCS 7 V8.2, SIMATIC PCS 7 V9.0, and others. It involves storing local system account credentials in a publicly accessible project file using an outdated cipher algorithm, potentially allowing attackers to gain system control.

The Impact of CVE-2021-40363

The vulnerability enables attackers to retrieve credentials from project files, leading to potential system compromise or control.

Technical Details of CVE-2021-40363

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

The affected components of Siemens products store local system account credentials in project files using an outdated cipher algorithm.

Affected Systems and Versions

SIMATIC PCS 7 V8.2 (All versions)

SIMATIC PCS 7 V9.0 (All versions)

SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1)

SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7)

SIMATIC WinCC V16 (All versions < V16 Update 5)

SIMATIC WinCC V17 (All versions < V17 Update 2)

SIMATIC WinCC V17 (All versions <= V17 Update 4)

SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19)

SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6)

Exploitation Mechanism

Attackers can exploit this vulnerability by brute-forcing the stored credentials to gain unauthorized access.

Mitigation and Prevention

Preventive measures and steps to mitigate this vulnerability.

Immediate Steps to Take

Update affected Siemens products to the patched versions immediately.

Avoid storing sensitive credentials in project files.

Long-Term Security Practices

Regularly monitor and audit access to project files.

Implement strong password policies and use updated encryption algorithms.

Patching and Updates

Siemens has released patches for the affected products. Ensure timely application of these updates to mitigate the risk of exploitation.

CVE-2021-40363 : Security Advisory and Response

Understanding CVE-2021-40363

What is CVE-2021-40363?

The Impact of CVE-2021-40363

Technical Details of CVE-2021-40363

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-40363 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-40363

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-40363?

The Impact of CVE-2021-40363

Technical Details of CVE-2021-40363

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-40363

What is CVE-2021-40363?

Is your System Free of Underlying Vulnerabilities?
Find Out Now