Denial-of-Service Vulnerability in Siemens SIMATIC S7-200 SMART CPU Family
CVE-2020-7584

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic S7-200 Smart Cpu Family
Vendor: CVE Published:; 14 July 2020

What is CVE-2020-7584?

A significant vulnerability exists within the SIMATIC S7-200 SMART CPU family, affecting all versions from V2.2 to below V2.5.1. This issue arises when the devices inadequately manage a high volume of incoming connections, which can lead to a system crash under specific circumstances. Attackers exploiting this flaw could trigger a Denial-of-Service condition, rendering the affected devices unresponsive and disrupting operations.

Affected Version(s)

SIMATIC S7-200 SMART CPU family All versions >= V2.2 < V2.5.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-58918...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jan 21, 2020