PT-2021-20312 · Siemens · Siplus Net Cp 443-1 Advanced+6

Published: 2021-09-14 · Updated: 2023-04-11 · CVE-2021-33737

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions)
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions)
SIMATIC CP 343-1 ERPC (All versions)
SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions)
SIMATIC CP 443-1 versions prior to V3.3
SIMATIC CP 443-1 Advanced versions prior to V3.3
SIPLUS NET CP 443-1 versions prior to V3.3
SIPLUS NET CP 443-1 Advanced versions prior to V3.3

Description: A vulnerability has been identified that could cause a denial of service condition when a specially crafted packet is sent to port 102/tcp of an affected device. This results in the need for a restart to restore normal operations.

Recommendations:
For SIMATIC CP 343-1 (incl. SIPLUS variants), consider restricting access to port 102/tcp until a fix is available.
For SIMATIC CP 343-1 Advanced (incl. SIPLUS variants), consider restricting access to port 102/tcp until a fix is available.
For SIMATIC CP 343-1 ERPC, consider restricting access to port 102/tcp until a fix is available.
For SIMATIC CP 343-1 Lean (incl. SIPLUS variants), consider restricting access to port 102/tcp until a fix is available.
For SIMATIC CP 443-1 versions prior to V3.3, update to version V3.3 or later.
For SIMATIC CP 443-1 Advanced versions prior to V3.3, update to version V3.3 or later.
For SIPLUS NET CP 443-1 versions prior to V3.3, update to version V3.3 or later.
For SIPLUS NET CP 443-1 Advanced versions prior to V3.3, update to version V3.3 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-33737

Affected Products

Simatic Cp 343-1
Simatic Cp 343-1 Advanced
Simatic Cp 343-1 Erpc
Simatic Cp 343-1 Lean
Simatic Cp 443-1
Siplus Net Cp 443-1
Siplus Net Cp 443-1 Advanced