PT-2022-1965 · Siemens · Siplus Tim 1531 Irc+9

Published

2022-02-08

·

Updated

2023-04-11

·

CVE-2021-37204

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions SIMATIC Drive Controller family versions prior to V2.9.2 SIMATIC Drive Controller family versions V2.9.2 through V2.9.4 SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions V21.9 through V21.9.4 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux versions prior to V21.9.4 SIMATIC S7-1200 CPU family versions prior to V4.5.0 SIMATIC S7-1200 CPU family versions V4.5.0 through V4.5.2 SIMATIC S7-1500 CPU family versions prior to V2.9.2 SIMATIC S7-1500 CPU family versions V2.9.2 through V2.9.4 SIMATIC S7-1500 Software Controller versions prior to V21.9 SIMATIC S7-1500 Software Controller versions V21.9 through V21.9.4 SIMATIC S7-PLCSIM Advanced versions prior to V4.0 SIMATIC S7-PLCSIM Advanced versions V4.0 through V4.0 SP1 SIPLUS TIM 1531 IRC versions prior to V2.3.6 TIM 1531 IRC versions prior to V2.3.6
Description The issue is related to operations with a resource after its expiration. An unauthenticated attacker could cause a denial-of-service condition in a PLC by sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.
Recommendations For SIMATIC Drive Controller family versions prior to V2.9.2, update to version V2.9.2 or later. For SIMATIC Drive Controller family versions V2.9.2 through V2.9.4, update to version V2.9.4 or later. For SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9, update to version V21.9 or later. For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9, update to version V21.9 or later. For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions V21.9 through V21.9.4, update to version V21.9.4 or later. For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux versions prior to V21.9.4, update to version V21.9.4 or later. For SIMATIC S7-1200 CPU family versions prior to V4.5.0, update to version V4.5.0 or later. For SIMATIC S7-1200 CPU family versions V4.5.0 through V4.5.2, update to version V4.5.2 or later. For SIMATIC S7-1500 CPU family versions prior to V2.9.2, update to version V2.9.2 or later. For SIMATIC S7-1500 CPU family versions V2.9.2 through V2.9.4, update to version V2.9.4 or later. For SIMATIC S7-1500 Software Controller versions prior to V21.9, update to version V21.9 or later. For SIMATIC S7-1500 Software Controller versions V21.9 through V21.9.4, update to version V21.9.4 or later. For SIMATIC S7-PLCSIM Advanced versions prior to V4.0, update to version V4.0 or later. For SIMATIC S7-PLCSIM Advanced versions V4.0 through V4.0 SP1, update to version V4.0 SP1 or later. For SIPLUS TIM 1531 IRC versions prior to V2.3.6, update to version V2.3.6 or later. For TIM 1531 IRC versions prior to V2.3.6, update to version V2.3.6 or later.

Fix

Weakness Enumeration

CWE-672

Related Identifiers

BDU:2022-01526
CVE-2021-37204

Affected Products

Simatic Drive Controller
Simatic Et 200Sp Open Controller Cpu 1515Sp Pc
Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2
Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Ready4Linux
Simatic S7-1200 Cpu
Simatic S7-1500 Cpu
Simatic S7-1500 Software Controller
Simatic S7-Plcsim Advanced
Siplus Tim 1531 Irc
Tim 1531 Irc