Vulnerability CVE-2021-37204


Published: 2022-02-09

Description:
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.1/10
6.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Siemens -> Simatic s7-1500 software controller 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf

Copyright 2024, cxsecurity.com

 

Back to Top