7.5

CVE-2021-37205

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensTim 1531 Irc Firmware Version >= 2.2
   SiemensTim 1531 Irc Version-
SiemensSimatic S7-1200 Cpu 1211c Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1212c Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1212fc Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1214fc Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1214c Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1215fc Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1215c Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1200 Cpu 1217c Firmware Version >= 4.5.0 < 4.5.2
SiemensSimatic S7-1500 Cpu 1510sp Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1511-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1511c-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1511f-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1511t-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1512c-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1513-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1513f-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1513r-1 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1515-2 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1515f-2 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1515r-2 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1515t-2 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1516-3 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1516f-3 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1516t-3 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1517-3 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1517f-3 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1518-4 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1518f-4 Firmware Version >= 2.9.2 < 2.9.4
SiemensSimatic S7-1500 Cpu 1518t-4 Firmware Version >= 2.9.2 < 2.9.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.64% 0.735
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
productcert@siemens.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf
Patch
Vendor Advisory