CVE-2021-40366

CVE-2021-40366

Vendor Siemens
Product Climatix POL909 (AWB module)
Weakness CWE-311 · Missing encryption
Published November 9, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

Key dates

02Disclosure timeline

November 9, 2021 CVE published
August 4, 2024 Record updated