CVE-2021-44222
Last modified
CVE-2021-44222 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Easie Core Package | < 22.00 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdfPatch, Vendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdfPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-44222?
How severe is CVE-2021-44222?
How do I fix CVE-2021-44222?
Are you affected by CVE-2021-44222?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST