CVE-2021-44222

CVE-2021-44222

Vendor Siemens
Product SIMATIC eaSie Core Package
Weakness CWE-306 · Missing auth
Published July 12, 2022
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

Key dates

02Disclosure timeline

July 12, 2022 CVE published
August 4, 2024 Record updated