A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All…
siemens·CWE-672·Published 2022-02-09
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.
Se ha identificado una vulnerabilidad en la familia de controladores de accionamiento SIMATIC (Todas las versiones anteriores a la versión V2.9.2), la familia SIMATIC Drive Controller (Todas las versiones posteriores o iguales a la versión V2.9.2 anteriores a la versión V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS) (Todas las versiones), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variantes SIPLUS) SIPLUS) (Todas las versiones anteriores a la versión V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variantes SIPLUS) (Todas las versiones posteriores o iguales a la versión V21.9 anteriores a la versión V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (Todas las versiones), Familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones anteriores a la versión V4.5. 0), familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones posteriores o iguales a la versión V4.5.0 anteriores a la versión V4.5.2), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones anteriores a la versión V2.9.2), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones posteriores o iguales a la versión V2.9.2 anteriores a la versión V2.9. 4), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versión V21.9), SIMATIC S7-1500 Software Controller (Todas las versiones posteriores o iguales a la versión V21.9 anteriores a la versión V21.9.4), SIMATIC S7-PLCSIM Advanced (Todas las versiones anteriores a la versión V4.0), SIMATIC S7-PLCSIM Advanced (Todas las versiones posteriores o iguales a la versión V4.0 anteriores a la versión V4.0 SP1), TIM 1531 IRC (incl. variantes SIPLUS NET) (Todas las versiones posteriores o iguales a la versión V2.2). Un atacante no autenticado podría causar una condición de denegación de servicio en un PLC al enviar un paquete especialmente preparado sobre el puerto 102/tcp. Es necesario reiniciar el dispositivo afectado para restablecer el funcionamiento normal
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.1 | 8.6 | 6.9 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
| 3.1 | Secondary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |