csaf_siemens - ssa-787292

SSA-787292

Vulnerability from csaf_siemens - Published: 2021-06-08 00:00 - Updated: 2022-05-10 00:00

Summary

SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers

Notes

Summary

The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "Siemens Security Advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-787292.txt"
      },
      {
        "category": "self",
        "summary": "SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-787292.json"
      }
    ],
    "title": "SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers",
    "tracking": {
      "current_release_date": "2022-05-10T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-787292",
      "initial_release_date": "2021-06-08T00:00:00Z",
      "revision_history": [
        {
          "date": "2021-06-08T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2022-04-12T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added solution for SIMATIC RF600R family and clarified list of affected devices"
        },
        {
          "date": "2022-05-10T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added solution for SIMATIC RF360R"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF610R CMIIT",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6BC10-2AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF610R CMIIT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF610R ETSI",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6BC10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF610R ETSI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF610R FCC",
                  "product_id": "3",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6BC10-1AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF610R FCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF615R CMIIT",
                  "product_id": "4",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CC10-2AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF615R CMIIT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF615R ETSI",
                  "product_id": "5",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CC10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF615R ETSI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF615R FCC",
                  "product_id": "6",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CC10-1AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF615R FCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF650R ARIB",
                  "product_id": "7",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AB20-4AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF650R ARIB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF650R CMIIT",
                  "product_id": "8",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AB20-2AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF650R CMIIT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF650R ETSI",
                  "product_id": "9",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AB20-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF650R ETSI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF650R FCC",
                  "product_id": "10",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AB20-1AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF650R FCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF680R ARIB",
                  "product_id": "11",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AA10-4AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF680R ARIB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF680R CMIIT",
                  "product_id": "12",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AA10-2AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF680R CMIIT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF680R ETSI",
                  "product_id": "13",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AA10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF680R ETSI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF680R FCC",
                  "product_id": "14",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6AA10-1AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF680R FCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF685R ARIB",
                  "product_id": "15",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CA10-4AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF685R ARIB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF685R CMIIT",
                  "product_id": "16",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CA10-2AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF685R CMIIT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF685R ETSI",
                  "product_id": "17",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CA10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF685R ETSI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V3.0 \u003c V4.0",
                "product": {
                  "name": "SIMATIC Reader RF685R FCC",
                  "product_id": "18",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2811-6CA10-1AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Reader RF685R FCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF166C",
                  "product_id": "19",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0EE20"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF166C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF185C",
                  "product_id": "20",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0JE10"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF185C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF186C",
                  "product_id": "21",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0JE20"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF186C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF186CI",
                  "product_id": "22",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0JE50"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF186CI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF188C",
                  "product_id": "23",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0JE40"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF188C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e V1.1 and \u003c V1.3.2",
                "product": {
                  "name": "SIMATIC RF188CI",
                  "product_id": "24",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2002-0JE60"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF188CI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V2.0",
                "product": {
                  "name": "SIMATIC RF360R",
                  "product_id": "25",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6GT2801-5BA30"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC RF360R"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-31340",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF610R CMIIT",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF610R ETSI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF610R FCC",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF615R CMIIT",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF615R ETSI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF615R FCC",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF650R ARIB",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF650R CMIIT",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF650R ETSI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF650R FCC",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF680R ARIB",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF680R CMIIT",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF680R ETSI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF680R FCC",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF685R ARIB",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF685R CMIIT",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF685R ETSI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC Reader RF685R FCC",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF166C",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF185C",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF186C",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF186CI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF188C",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF188CI",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "summary": "CVE-2021-31340 - SIMATIC RF360R",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808759"
        },
        {
          "summary": "CVE-2021-31340 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31340.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V4.0 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808361"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.3.2",
          "product_ids": [
            "19",
            "20",
            "21",
            "22",
            "23",
            "24"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109768507"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.0 or later version",
          "product_ids": [
            "25"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109808759"
        },
        {
          "category": "mitigation",
          "details": "Deactivate the OPC-UA feature of affected devices",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25"
          ]
        }
      ],
      "title": "CVE-2021-31340"
    }
  ]
}

CVE-2021-31340 (GCVE-0-2021-31340)

Vulnerability from cvelistv5 – Published: 2021-06-08 19:47 – Updated: 2024-08-03 22:55

Summary

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Severity ?

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/s…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens

SIMATIC RF166C

Affected: All versions > V1.1 and < V1.3.2

Siemens	SIMATIC RF185C	Affected: All versions > V1.1 and < V1.3.2
Siemens	SIMATIC RF186C	Affected: All versions > V1.1 and < V1.3.2
Siemens	SIMATIC RF186CI	Affected: All versions > V1.1 and < V1.3.2
Siemens	SIMATIC RF188C	Affected: All versions > V1.1 and < V1.3.2
Siemens	SIMATIC RF188CI	Affected: All versions > V1.1 and < V1.3.2
Siemens	SIMATIC RF360R	Affected: All versions < V2.0
Siemens	SIMATIC Reader RF610R CMIIT	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF610R ETSI	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF610R FCC	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF615R CMIIT	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF615R ETSI	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF615R FCC	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF650R ARIB	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF650R CMIIT	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF650R ETSI	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF650R FCC	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF680R ARIB	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF680R CMIIT	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF680R ETSI	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF680R FCC	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF685R ARIB	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF685R CMIIT	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF685R ETSI	Affected: All versions > V3.0 < V4.0
Siemens	SIMATIC Reader RF685R FCC	Affected: All versions > V3.0 < V4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC RF166C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF185C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF186C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF186CI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF188C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF188CI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V1.1 and \u003c V1.3.2"
            }
          ]
        },
        {
          "product": "SIMATIC RF360R",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF610R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF610R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF610R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF615R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF615R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF615R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF650R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF650R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF650R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF650R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF680R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF680R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF680R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF680R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF685R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF685R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF685R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        },
        {
          "product": "SIMATIC Reader RF685R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e V3.0 \u003c V4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T09:46:26",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC RF166C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF185C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF186C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF186CI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF188C",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF188CI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC RF360R",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF610R CMIIT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF610R ETSI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF610R FCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF615R CMIIT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF615R ETSI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF615R FCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF650R ARIB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF650R CMIIT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF650R ETSI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF650R FCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF680R ARIB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF680R CMIIT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF680R ETSI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF680R FCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF685R ARIB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF685R CMIIT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF685R ETSI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Reader RF685R FCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e V3.0 \u003c V4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31340",
    "datePublished": "2021-06-08T19:47:16",
    "dateReserved": "2021-04-15T00:00:00",
    "dateUpdated": "2024-08-03T22:55:53.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SSA-787292

CVE-2021-31340 (GCVE-0-2021-31340)

Tags

Sightings

Nomenclature