### [CVE-2021-31337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31337)
![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20Medium%20Voltage%20Products&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=SINAMICS%20SL150%3A%20All%20versions%2C%20SINAMICS%20SM150%3A%20All%20versions%2C%20SINAMICS%20SM150i%3A%20All%20versions%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=MISSING%20AUTHENTICATION%20FOR%20CRITICAL%20FUNCTION%20CWE-306&color=brightgreen)

### Description

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/alex-hamlin/trivyal_pursuit