Lucene search

[email protected]CVE-2021-37185

HistoryFeb 09, 2022 - 4:15 p.m.

CVE-2021-37185

2022-02-0916:15:12

CWE-672

[email protected]

web.nvd.nist.gov

cve-2021-37185

vulnerability

simatic

drive controller

et 200sp

open controller

plc

denial of service

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.5%

JSON

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Affected configurations

NVD

Node

siemenssimatic_drive_controller_cpu_1504d_tf_firmwareRange<2.9.4

AND

siemenssimatic_drive_controller_cpu_1504d_tfMatch-

Node

siemenssimatic_drive_controller_cpu_1507d_tf_firmwareRange<2.9.4

AND

siemenssimatic_drive_controller_cpu_1507d_tfMatch-

Node

siemenssimatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware

AND

siemenssimatic_et_200sp_open_controller_cpu_1515sp_pc2Match-

Node

siemenssimatic_s7-plcsim_advanced_firmwareRange<4.0

siemenssimatic_s7-plcsim_advanced_firmwareMatch4.0-

AND

siemenssimatic_s7-plcsim_advancedMatch-

Node

siemenstim_1531_irc_firmwareRange2.2≥

AND

siemenstim_1531_ircMatch-

Node

siemenssimatic_s7-1500_software_controller

Node

siemenssimatic_s7-1200_cpu_1211c_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1211cMatch-

Node

siemenssimatic_s7-1200_cpu_1212c_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1212cMatch-

Node

siemenssimatic_s7-1200_cpu_1212fc_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1212fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214fc_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1214fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214c_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1214cMatch-

Node

siemenssimatic_s7-1200_cpu_1215fc_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1215fcMatch-

Node

siemenssimatic_s7-1200_cpu_1215c_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1215cMatch-

Node

siemenssimatic_s7-1200_cpu_1217c_firmwareRange4.5.0–4.5.2

AND

siemenssimatic_s7-1200_cpu_1217cMatch-

Node

siemenssimatic_s7-1500_cpu_1510sp-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1510sp-1Match-

Node

siemenssimatic_s7-1500_cpu_1510sp_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1510spMatch-

Node

siemenssimatic_s7-1500_cpu_1511-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1511-1Match-

Node

siemenssimatic_s7-1500_cpu_1511c-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1511c-1Match-

Node

siemenssimatic_s7-1500_cpu_1511f-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1511f-1Match-

Node

siemenssimatic_s7-1500_cpu_1511t-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1511t-1Match-

Node

siemenssimatic_s7-1500_cpu_1511tf-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1511tf-1Match-

Node

siemenssimatic_s7-1500_cpu_1512c-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1512c-1Match-

Node

siemenssimatic_s7-1500_cpu_1512sp-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1512sp-1Match-

Node

siemenssimatic_s7-1500_cpu_1512spf-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1512spf-1Match-

Node

siemenssimatic_s7-1500_cpu_1513-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1513-1Match-

Node

siemenssimatic_s7-1500_cpu_1513f-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1513f-1Match-

Node

siemenssimatic_s7-1500_cpu_1513r-1_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1513r-1Match-

Node

siemenssimatic_s7-1500_cpu_cpu_1513prof-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_cpu_1513prof-2Match-

Node

siemenssimatic_s7-1500_cpu_cpu_1513pro-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_cpu_1513pro-2Match-

Node

siemenssimatic_s7-1500_cpu_1515-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1515-2Match-

Node

siemenssimatic_s7-1500_cpu_1515f-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1515f-2Match-

Node

siemenssimatic_s7-1500_cpu_1515r-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1515r-2Match-

Node

siemenssimatic_s7-1500_cpu_1515t-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1515t-2Match-

Node

siemenssimatic_s7-1500_cpu_1515tf-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1515tf-2Match-

Node

siemenssimatic_s7-1500_cpu_1516pro_f_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516pro_fMatch-

Node

siemenssimatic_s7-1500_cpu_1516pro-2_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516pro-2Match-

Node

siemenssimatic_s7-1500_cpu_1516-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516-3Match-

Node

siemenssimatic_s7-1500_cpu_1516f-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516f-3Match-

Node

siemenssimatic_s7-1500_cpu_1516t-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516t-3Match-

Node

siemenssimatic_s7-1500_cpu_1516tf-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1516tf-3Match-

Node

siemenssimatic_s7-1500_cpu_1517-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1517-3Match-

Node

siemenssimatic_s7-1500_cpu_1517f-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1517f-3Match-

Node

siemenssimatic_s7-1500_cpu_1517tf-3_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1517tf-3Match-

Node

siemenssimatic_s7-1500_cpu_1518-4_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1518-4Match-

Node

siemenssimatic_s7-1500_cpu_1518f-4_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1518f-4Match-

Node

siemenssimatic_s7-1500_cpu_1518hf-4_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1518hf-4Match-

Node

siemenssimatic_s7-1500_cpu_1518t-4_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1518t-4Match-

Node

siemenssimatic_s7-1500_cpu_1518tf-4_firmwareRange2.9.2–2.9.4

AND

siemenssimatic_s7-1500_cpu_1518tf-4Match-

CPENameOperatorVersion
siemens:simatic_drive_controller_cpu_1504d_tf_firmwaresiemens simatic drive controller cpu 1504d tf firmwarelt2.9.4

CPE	Name	Operator	Version
siemens:simatic_drive_controller_cpu_1504d_tf_firmware	siemens simatic drive controller cpu 1504d tf firmware	lt	2.9.4

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC Drive Controller family",
    "versions": [
      {
        "version": "All versions >= V2.9.2 < V2.9.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
    "versions": [
      {
        "version": "All versions >= V21.9 < V21.9.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
    "versions": [
      {
        "version": "All versions >= V4.5.0 < V4.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
    "versions": [
      {
        "version": "All versions >= V2.9.2 < V2.9.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-1500 Software Controller",
    "versions": [
      {
        "version": "All versions >= V21.9 < V21.9.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-PLCSIM Advanced",
    "versions": [
      {
        "version": "All versions >= V4.0 < V4.0 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIPLUS TIM 1531 IRC",
    "versions": [
      {
        "version": "All versions < V2.3.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TIM 1531 IRC",
    "versions": [
      {
        "version": "All versions < V2.3.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for CVE-2021-37185

cnvd1 nessus1 cvelist1 nvd1 prion1 ics1