Denial of Service Vulnerability in Siemens SIMATIC CP 343-1 and CP 443-1 Products
CVE-2021-33737

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Cp 343-1 (incl. Siplus Variants); Simatic Cp 343-1 Advanced (incl. Siplus Variants); Simatic Cp 343-1 Erpc; Simatic Cp 343-1 Lean (incl. Siplus Variants)
Vendor: CVE Published:; 14 September 2021

What is CVE-2021-33737?

A security flaw exists in Siemens SIMATIC CP 343-1 and CP 443-1 products that may be exploited by sending a specially crafted packet to port 102/tcp. This attack can lead to a denial of service condition, requiring a restart of the affected devices to restore normal functionality. It affects multiple versions of SIMATIC CP 343-1, SIMATIC CP 443-1, and their various SIPLUS variants.

Affected Version(s)

SIMATIC CP 343-1 (incl. SIPLUS variants) All versions

SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) All versions

SIMATIC CP 343-1 ERPC All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-54923...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
May 28, 2021