CVE-2021-42022

EPSS 0.43% · P63 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-42022

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Siemens SIMATIC PCS 7 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens SIMATIC是西门子（Siemens）的一款组态软件。 Siemens SIMATIC PCS 7 存在路径遍历漏洞，该漏洞源于下载文件时，受影响的系统无法正确消除路径名中的特殊元素。然后，攻击者可能会导致路径名解析到服务器上受限目录之外的位置，并读取意外的关键文件。受影响的文件下载功能默认关闭。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Siemens	SIMATIC eaSie PCS 7 Skill Package	All versions < V21.00 SP3	-

II. Public POCs for CVE-2021-42022

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-42022

请登录查看更多情报信息。

Same Patch Batch · Siemens · 2021-12-14 · 46 CVEs total

CVE-2021-44002	7.8 HIGH	Siemens JT2GO和Siemens Teamcenter Visualization 缓冲区错误漏洞
CVE-2021-44014	7.8 HIGH	Siemens JT2GO 资源管理错误漏洞
CVE-2021-44440		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44446		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44449		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44450		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44522		Siemens SiPass Integrated和Siveillance Identity 安全漏洞
CVE-2021-44523		Siemens SiPass Integrated和Siveillance Identity 安全漏洞
CVE-2021-44524		Siemens SiPass Integrated和Siveillance Identity 授权问题漏洞
CVE-2021-44448		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44442		Siemens JT Utilities 安全漏洞
CVE-2021-44441		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44443		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44439		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44438		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44437		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44436		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44435		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44434		Siemens JT Utilities 缓冲区错误漏洞
CVE-2021-44433		Siemens JT Utilities 资源管理错误漏洞

Showing top 20 of 46 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Siemens

Same weakness: CWE-22

V. Comments for CVE-2021-42022

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-42022

I. Basic Information for CVE-2021-42022

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-42022

III. Intelligence Information for CVE-2021-42022

Same Patch Batch · Siemens · 2021-12-14 · 46 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-42022

Leave a comment