cvedb.io
CVE-2021-44222
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-07-12T10:15:10.050 · Last modified 2026-06-17T04:12:04.667

Summary

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

Affected products

siemens — simatic_easie_core_package

Does this affect you?

Add your gear to cvedb and we'll alert you only when siemens ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.