CVE-2021-37205

Name of the Vulnerable Software and Affected Versions SIMATIC Drive Controller family versions 2.9.2 through 2.9.4 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions 21.9 through 21.9.4 SIMATIC S7-1200 CPU family versions 4.5.0 through 4.5.2 SIMATIC S7-1500 CPU family versions 2.9.2 through 2.9.4 SIMATIC S7-1500 Software Controller versions 21.9 through 21.9.4 SIMATIC S7-PLCSIM Advanced versions 4.0 through 4.0 SP1 SIPLUS TIM 1531 IRC versions prior to 2.3.6 TIM 1531 IRC versions prior to 2.3.6

Description The issue is related to improper memory deallocation before removing the last reference, which can be exploited by a remote attacker to cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Recommendations For SIMATIC Drive Controller family versions 2.9.2 through 2.9.4, update to version 2.9.4 or later. For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions 21.9 through 21.9.4, update to version 21.9.4 or later. For SIMATIC S7-1200 CPU family versions 4.5.0 through 4.5.2, update to version 4.5.2 or later. For SIMATIC S7-1500 CPU family versions 2.9.2 through 2.9.4, update to version 2.9.4 or later. For SIMATIC S7-1500 Software Controller versions 21.9 through 21.9.4, update to version 21.9.4 or later. For SIMATIC S7-PLCSIM Advanced versions 4.0 through 4.0 SP1, update to version 4.0 SP1 or later. For SIPLUS TIM 1531 IRC versions prior to 2.3.6, update to version 2.3.6 or later. For TIM 1531 IRC versions prior to 2.3.6, update to version 2.3.6 or later.