Denial-of-Service Vulnerability in SIMATIC S7-300 and Related Products by Siemens
CVE-2020-15783

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic S7-300 Cpu Family (incl. Related Et200 Cpus And Siplus Variants); Simatic Tdc Cpu555; Sinumerik 840d Sl
Vendor: CVE Published:; 12 November 2020

Summary

A design flaw has been detected in the SIMATIC S7-300 CPU family, as well as associated ET200 CPUs and SIPLUS variants, which allows attackers to send multiple specially crafted packets to these devices. This can lead to a Denial-of-Service condition on port 102, resulting in an interruption of service. To restore functionality, a cold restart of the affected devices is required.

Affected Version(s)

SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) All versions

SIMATIC TDC CPU555 All versions

SINUMERIK 840D sl All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-49282...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2020
Vulnerability Reserved
Jul 15, 2020