Description
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.
Affected products
- Siemens / SIMATIC MV540 HAll versions < V3.3 – All versions < V3.3
- Siemens / SIMATIC MV540 SAll versions < V3.3 – All versions < V3.3
- Siemens / SIMATIC MV550 HAll versions < V3.3 – All versions < V3.3
- Siemens / SIMATIC MV550 SAll versions < V3.3 – All versions < V3.3
- Siemens / SIMATIC MV560 UAll versions < V3.3 – All versions < V3.3
- Siemens / SIMATIC MV560 XAll versions < V3.3 – All versions < V3.3