CVE-2021-41769
CVE-2021-41769 is a high-severity vulnerability in Siemens 6md85 Firmware with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (58th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Siemens 6md85 Firmware
- Published:
- Last modified:
Description
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.
Frequently asked questions
- What is CVE-2021-41769?
- A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.
- How severe is CVE-2021-41769?
- CVE-2021-41769 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2021-41769 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (58th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-41769?
- CVE-2021-41769 primarily affects Siemens 6md85 Firmware. In total, 31 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-41769?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-41769 published?
- CVE-2021-41769 was published on 2022-01-11 and last updated on 2026-06-17.
References
Affected products (31)
- cpe:2.3:o:siemens:6md85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:6md86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:6md89_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:6mu85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ke85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sa82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sa86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sa87_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sd82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sd86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sd87_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sj81_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sj82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sj85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sj86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sk82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sk85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sl82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sl86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sl87_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ss85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7st85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sx800_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7sx85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7um85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ut82_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ut85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ut86_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ut87_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7ve85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:7vk87_firmware:*:*:*:*:*:*:*:*
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →