CVE-2024-43647

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions) SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions) SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions) SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions) SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions) SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions) SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions) SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions) SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions) SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions) SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions) SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions) SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions) SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions) SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions) SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions) SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions) SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions)

Description: The affected devices do not properly handle TCP packets with an incorrect structure, which could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.

Recommendations: To resolve the issue for each affected version, the following steps can be taken: Unplug and re-plug the network cable to restore normal operations. As a temporary workaround, consider restricting access to the device until a patch is available. Avoid using the device in a network environment until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.