SSA-838121
Vulnerability from csaf_siemens - Published: 2022-02-08 00:00 - Updated: 2023-04-11 00:00Summary
SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products
Notes
Summary
Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-838121.html"
},
{
"category": "self",
"summary": "SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-838121.json"
},
{
"category": "self",
"summary": "SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf"
},
{
"category": "self",
"summary": "SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-838121.txt"
}
],
"title": "SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products",
"tracking": {
"current_release_date": "2023-04-11T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-838121",
"initial_release_date": "2022-02-08T00:00:00Z",
"revision_history": [
{
"date": "2022-02-08T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-03-08T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SIMATIC S7-PLCSIM Advanced"
},
{
"date": "2022-07-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SIMATIC ET 200SP Open Controller CPU 1515SP PC2 and SIMATIC S7-1500 Software Controller, clarify that CVE-2021-37204 is also affecting devices without TLS and added SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) and SIMATIC ET 200SP Open Controller CPU 1515SP PC2 \u0027Ready4Linux\u0027 as affected by CVE-2021-37204"
},
{
"date": "2023-04-11T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for TIM 1531 IRC"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.9.2",
"product": {
"name": "SIMATIC Drive Controller family",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003e=V2.9.2\u003cV2.9.4",
"product": {
"name": "SIMATIC Drive Controller family",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV21.9",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "4"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003e=V21.9\u003cV21.9.4",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV4.5.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "7"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003e=V4.5.0\u003cV4.5.2",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.9.2",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "9"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003e=V2.9.2\u003cV2.9.4",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV21.9",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "11"
}
},
{
"category": "product_version_range",
"name": "vers:all/\u003e=V21.9\u003cV21.9.4",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV4.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "13"
}
},
{
"category": "product_version_range",
"name": "All versions \u003e= V4.0 \u003c V4.0 SP1",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.3.6",
"product": {
"name": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"6AG1543-1MX00-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.3.6",
"product": {
"name": "TIM 1531 IRC (6GK7543-1MX00-0XE0)",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"6GK7543-1MX00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "TIM 1531 IRC (6GK7543-1MX00-0XE0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37185",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"2",
"5",
"8",
"10",
"12",
"14",
"15",
"16"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.3.6 or later version",
"product_ids": [
"15",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817397/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"category": "vendor_fix",
"details": "Update to V4.5.2 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"10"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"12"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 SP1 or later version",
"product_ids": [
"14"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109805271/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"2",
"5",
"8",
"10",
"12",
"14",
"15",
"16"
]
}
],
"title": "CVE-2021-37185"
},
{
"cve": "CVE-2021-37204",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"3",
"6"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.3.6 or later version",
"product_ids": [
"15",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817397/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"category": "vendor_fix",
"details": "Update to V4.5.2 or later version",
"product_ids": [
"7",
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"9",
"10"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"11",
"12"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"1",
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 SP1 or later version",
"product_ids": [
"13",
"14"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109805271/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16"
]
}
],
"title": "CVE-2021-37204"
},
{
"cve": "CVE-2021-37205",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"2",
"5",
"8",
"10",
"12",
"14",
"15",
"16"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.3.6 or later version",
"product_ids": [
"15",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817397/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"category": "vendor_fix",
"details": "Update to V4.5.2 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"10"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9.4 or later version",
"product_ids": [
"12"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.4 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 SP1 or later version",
"product_ids": [
"14"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109805271/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"2",
"5",
"8",
"10",
"12",
"14",
"15",
"16"
]
}
],
"title": "CVE-2021-37205"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…