Network Vulnerability in SIMOTICS and Capital Embedded Products by Siemens
CVE-2021-31344

6.9MEDIUM

Key Information:

Vendor
Siemens
Status
Capital Embedded Ar Classic 431-422
Capital Embedded Ar Classic R20-11
Pluscontrol 1st Gen
Simotics Connect 400
Vendor
CVE Published:
9 November 2021

Summary

A vulnerability exists in various Siemens products that allows for the manipulation of ICMP echo packets, enabling attackers to send ICMP echo reply messages to arbitrary hosts within the network. This could lead to potential unauthorized access or disruption of services, making these products susceptible to exploitation if not properly secured.

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

PLUSCONTROL 1st Gen All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11458...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-04411...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-62028...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.