CVE-2021-37205

CWE-401 — Memory Leak3 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Drive Controller CPU 1504d TF Firmware Siemens Simatic Drive Controller CPU 1507d TF Firmware Siemens Simatic S7-1200 CPU 1211c Firmware +51 more

Timeline

PublishedFeb 9

Latest updateFeb 10

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages54 packages

▶CVEListV5siemens/simatic_drive_controller_familyAll versions >= V2.9.2 < V2.9.4

▶NVDsiemens/simatic_drive_controller_cpu_1504d_tf_firmware< 2.9.4

▶NVDsiemens/simatic_drive_controller_cpu_1507d_tf_firmware< 2.9.4

▶CVEListV5siemens/siplus_tim_1531_ircAll versions < V2.3.6

▶CVEListV5siemens/simatic_s7-1200_cpu_family_(incl._siplus_variants)All versions >= V4.5.0 < V4.5.2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-78f8-w6wx-97fh: A vulnerability has been identified in SIMATIC Drive Controller family (All versions = V4↗2022-02-10

▶

CVEList

CVE-2021-37205: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2↗2022-02-09

▶