CVE-2021-27386

HIGH

CVSS v3.1: 7.5 · EPSS: 0.0059 (69.6 percentile)

NetworkNo privilegesNo user interactionMemory LeakVendor advisory ref

Source data as of:

At a glance

Severity
HIGH
CVSS
7.5 v3.1 · NVD
EPSS
0.0059 (69.6 percentile) · FIRST.org
CISA KEV
No
Type
Memory Leak · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors
siemens
Published
2021-05-12 · Modified: 2026-06-02
References
Jump to references (2)

CVSS / EPSS / KEV

CVSS v3.1 7.5 / 10 HIGH Source: NVD
EPSS 0.0059 69.6 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.

Record details

CVE ID
CVE-2021-27386
CVSS (v3.1)
7.5 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability subscore
3.9
Impact subscore
3.6
EPSS
0.0059 (69.6 percentile) — 2026-06-03
CISA KEV
No
Weakness (CWE)
CWE-401
Affected vendors
siemens
Affected configurations (CPE)
129
Published
2021-05-12
Modified
2026-06-02
Status
Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same affected vendor

CVE-2020-15782 CRITICAL CVSS 9.8 CVE-2020-15786 CRITICAL CVSS 9.8 CVE-2020-15798 CRITICAL CVSS 9.8 CVE-2021-27384 CRITICAL CVSS 9.8

Same weakness type (CWE)

CVE-2026-44660 HIGH CVSS 7.5 CVE-2025-71185 MEDIUM CVSS 5.5 CVE-2025-71186 MEDIUM CVSS 5.5 CVE-2025-71188 MEDIUM CVSS 5.5

Published the same year

CVE-2021-27384 CRITICAL CVSS 9.8 CVE-2021-21974 HIGH CVSS 8.8 CVE-2021-25667 HIGH CVSS 8.8 CVE-2021-4478 HIGH CVSS 8.2
← Back to all records