Network Vulnerability in SIMOTICS and Capital Embedded Products by Siemens
CVE-2021-31344

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Capital Embedded Ar Classic 431-422; Capital Embedded Ar Classic R20-11; Pluscontrol 1st Gen; Simotics Connect 400
Vendor: CVE Published:; 9 November 2021

What is CVE-2021-31344?

A vulnerability exists in various Siemens products that allows for the manipulation of ICMP echo packets, enabling attackers to send ICMP echo reply messages to arbitrary hosts within the network. This could lead to potential unauthorized access or disruption of services, making these products susceptible to exploitation if not properly secured.

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

PLUSCONTROL 1st Gen All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11458...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-04411...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-62028...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Apr 15, 2021