csaf_certbund - wid-sec-w-2024-2095

wid-sec-w-2024-2095

Vulnerability from csaf_certbund

Published

2024-09-09 22:00

Modified

2024-09-09 22:00

Summary

Siemens SIMATIC S7: Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) für Automatisierungsanwendungen.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens SIMATIC S7 ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) für Automatisierungsanwendungen.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens SIMATIC S7 ausnutzen, um einen Denial of Service Angriff durchzuführen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-2095 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2095.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-2095 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2095",
         },
         {
            category: "external",
            summary: "SiemensSecurity Advisory by Siemens ProductCERT vom 2024-09-09",
            url: "https://cert-portal.siemens.com/productcert/html/ssa-969738.html",
         },
      ],
      source_lang: "en-US",
      title: "Siemens SIMATIC S7: Schwachstelle ermöglicht Denial of Service",
      tracking: {
         current_release_date: "2024-09-09T22:00:00.000+00:00",
         generator: {
            date: "2024-09-10T11:04:57.169+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.6",
            },
         },
         id: "WID-SEC-W-2024-2095",
         initial_release_date: "2024-09-09T22:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-09-09T22:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "200 SMART devices",
                        product: {
                           name: "Siemens SIMATIC S7 200 SMART devices",
                           product_id: "T037387",
                           product_identification_helper: {
                              cpe: "cpe:/h:siemens:simatic_s7:200_smart_devices",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "SIMATIC S7",
               },
            ],
            category: "vendor",
            name: "Siemens",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-43647",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Siemens SIMATIC S7-200 SMART Geräten. Dieser Fehler existiert wegen einer unsachgemäßen Behandlung von TCP-Paketen mit einer falschen Struktur. Durch das Senden speziell gestalteter TCP-Pakete kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.",
            },
         ],
         product_status: {
            known_affected: [
               "T037387",
            ],
         },
         release_date: "2024-09-09T22:00:00.000+00:00",
         title: "CVE-2024-43647",
      },
   ],
}

CVE-2024-43647 (GCVE-0-2024-43647)

Vulnerability from cvelistv5

Published

2024-09-10 09:36

Modified

2024-09-10 14:52

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:T/RC:C
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/html/ssa-969738.html

Impacted products

Vendor

Product

Version

▼

Siemens

SIMATIC S7-200 SMART CPU CR40

Version: 0 < *

Siemens	SIMATIC S7-200 SMART CPU CR60	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR20	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR20	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR30	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR30	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR40	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR40	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR60	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU SR60	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST20	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST20	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST30	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST30	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST40	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST40	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST60	Version: 0 < *
Siemens	SIMATIC S7-200 SMART CPU ST60	Version: 0 < *

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr20s:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr30s:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr40:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr40s:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr60:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr60s:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr20:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr30:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr40:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr60:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st20:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st30:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st40:-:*:*:*:*:*:*:*",
                     "cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st60:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "simatic_s7-200_smart_cpu_st60",
                  vendor: "siemens",
                  versions: [
                     {
                        lessThan: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-43647",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-10T14:39:05.223979Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-10T14:52:35.401Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU CR40",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU CR60",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR20",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR20",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR30",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR30",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR40",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR40",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR60",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU SR60",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST20",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST20",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST30",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST30",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST40",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST40",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST60",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unknown",
               product: "SIMATIC S7-200 SMART CPU ST60",
               vendor: "Siemens",
               versions: [
                  {
                     lessThan: "*",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:T/RC:C",
                  version: "3.1",
               },
            },
            {
               cvssV4_0: {
                  baseScore: 8.7,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400: Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-10T09:36:49.879Z",
            orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            shortName: "siemens",
         },
         references: [
            {
               url: "https://cert-portal.siemens.com/productcert/html/ssa-969738.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
      assignerShortName: "siemens",
      cveId: "CVE-2024-43647",
      datePublished: "2024-09-10T09:36:49.879Z",
      dateReserved: "2024-08-14T05:49:17.278Z",
      dateUpdated: "2024-09-10T14:52:35.401Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted