Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87984)

SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in compact machines. The SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 Software Controller is a SIMATIC software controller for PC-based automation solutions.SIMATIC S7-PLCSIM Advanced emulates the S7-1200, S7-1500 and several other PLC derivatives. Includes full network access for analog PLCs, even in virtualized environments. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. The TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 with SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for communication over IP-based networks (WAN/LAN) and one RS 232/RS 485 interface for communication via a classic WAN network. a denial of service vulnerability exists in Siemens Industrial products, which is due to the affected device’s inability to properly handle certain specially crafted packets sent to port 102/tcp, which could be exploited by an attacker to deny service in the device.