CVE-2021-40368Improper Restriction of Operations within the Bounds of a Memory Buffer in Siemens Simatic S7-400h V6 Firmware

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 36.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Siemens Simatic S7-400h V6 FirmwareSiemens Simatic S7-410 V10 FirmwareSiemens Simatic S7-400 CPU 412-1 DP V7+19 more
Timeline
PublishedApr 12
Latest updateApr 13

Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), S

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages22 packages

CVEListV5siemens/simatic_s7-410_v8_cpu_familyAll versions < V8.2.3
CVEListV5siemens/simatic_s7-410_v10_cpu_familyAll versions < V10.1
CVEListV5siemens/simatic_s7-400_h_v6_cpu_familyAll versions < V6.0.10
CVEListV5siemens/simatic_s7-400_cpu_416f-3_pn_dp_v7All versions < V7.0.3

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-q4w8-vrmx-g9m6: A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl2022-04-13
CVEList
CVE-2021-40368: A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CP2022-04-12
CVE-2021-40368 — Siemens vulnerability | cvebase