CVE-2020-25242

Name of the Vulnerable Software and Affected Versions: SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions) SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions) SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions)

Description: A Denial-of-Service condition can be triggered on the affected devices by sending specially crafted packets to TCP port 102. This may require a cold restart to recover.

Recommendations: For SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants), restrict access to TCP port 102 until a fix is available. For SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants), consider implementing network segmentation to limit the attack surface. For SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants), avoid exposing the device to untrusted networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.