Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 by Siemens
CVE-2020-25242

7.5HIGH

Key Information:

Vendor
Siemens
Status
Simatic Net Cp 343-1 Advanced (incl. Siplus Variants)
Simatic Net Cp 343-1 Lean (incl. Siplus Variants)
Simatic Net Cp 343-1 Standard (incl. Siplus Variants)
Vendor
CVE Published:
12 May 2021

Summary

A vulnerability exists in SIMATIC NET CP 343-1 devices, including specific SIPLUS variants. Maliciously crafted packets targeting TCP port 102 can trigger a Denial-of-Service condition, rendering the affected devices unresponsive. Recovery may require a complete cold restart, potentially disrupting operations and affecting network stability.

Affected Version(s)

SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) All versions

SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) All versions

SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-67677...
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-67677...
x_refsource_MISC
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-07
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.