PT-2021-21561 · Siemens · Logo! Cmr2020+5
Published: 2021-09-14 · Updated: 2022-04-29 · CVE-2021-37186
CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LOGO! CMR2020 versions prior to V2.2
LOGO! CMR2040 versions prior to V2.2
SIMATIC RTU3010C versions prior to V4.0.9
SIMATIC RTU3030C versions prior to V4.0.9
SIMATIC RTU3031C versions prior to V4.0.9
SIMATIC RTU3041C versions prior to V4.0.9
Description
The TCP/IP stack of the affected devices does not properly calculate the random numbers used as Initial Sequence Numbers (ISNs). An adjacent attacker with network access to the LAN interface could use this to interfere with traffic, spoof the connection, and gain access to sensitive information.
Recommendations
For LOGO! CMR2020 versions prior to V2.2, update to version V2.2 or later.
For LOGO! CMR2040 versions prior to V2.2, update to version V2.2 or later.
For SIMATIC RTU3010C versions prior to V4.0.9, update to version V4.0.9 or later.
For SIMATIC RTU3030C versions prior to V4.0.9, update to version V4.0.9 or later.
For SIMATIC RTU3031C versions prior to V4.0.9, update to version V4.0.9 or later.
For SIMATIC RTU3041C versions prior to V4.0.9, update to version V4.0.9 or later.
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Logo! Cmr2020
Logo! Cmr2040
Simatic Rtu3010C
Simatic Rtu3030C
Simatic Rtu3031C
Simatic Rtu3041C