CVE-2021-37204

09.02.2022, 16:15

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
siemens	simatic_drive_controller_cpu_1504d_tf_firmware	𝑥 < 2.9.4
siemens	simatic_drive_controller_cpu_1507d_tf_firmware	𝑥 < 2.9.4
siemens	simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware	*
siemens	simatic_s7-plcsim_advanced_firmware	𝑥 < 4.0
siemens	simatic_s7-plcsim_advanced_firmware	4.0
siemens	tim_1531_irc_firmware	2.2 ≤
siemens	simatic_s7-1500_software_controller	*
siemens	simatic_s7-1200_cpu_1211c_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1212c_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1212fc_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1214fc_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1214c_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1215fc_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1215c_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1200_cpu_1217c_firmware	4.5.0 ≤ 𝑥 < 4.5.2
siemens	simatic_s7-1500_cpu_1510sp-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1510sp_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1511-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1511c-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1511f-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1511t-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1511tf-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1512c-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1512sp-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1512spf-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1513-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1513f-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1513r-1_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_cpu_1513prof-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_cpu_1513pro-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1515-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1515f-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1515r-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1515t-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1515tf-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516pro_f_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516pro-2_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516f-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516t-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1516tf-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1517-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1517f-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1517tf-3_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1518-4_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1518f-4_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1518hf-4_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1518t-4_firmware	2.9.2 ≤ 𝑥 < 2.9.4
siemens	simatic_s7-1500_cpu_1518tf-4_firmware	2.9.2 ≤ 𝑥 < 2.9.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-672 - Operation on a Resource after Expiration or Release
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf