Denial-of-Service Vulnerability in SIMATIC Drive Controllers and Related Products by Siemens
CVE-2021-37185

7.5HIGH

Key Information:

Vendor

Siemens
Status
Simatic Drive Controller Family
Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants)
Simatic S7-1200 Cpu Family (incl. Siplus Variants)
Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants)
Vendor
CVE Published:
9 February 2022

What is CVE-2021-37185?

A vulnerability exists in various Siemens SIMATIC products that allows an unauthenticated attacker to induce a denial-of-service condition. By sending specially crafted packets through port 102/tcp, the attacker can disrupt normal operations of the affected devices, necessitating a restart to restore functionality. This impact highlights significant security considerations for industrial systems relying on these controllers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SIMATIC Drive Controller family All versions >= V2.9.2 < V2.9.4

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) All versions >= V21.9 < V21.9.4

SIMATIC S7-1200 CPU family (incl. SIPLUS variants) All versions >= V4.5.0 < V4.5.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-83812...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.