SIMATIC S7-200 SMART CPU Firmware Vulnerability Could Lead to Denial of Service
CVE-2024-43647

7.5 HIGH

Summary

A vulnerability exists in multiple versions of Siemens' SIMATIC S7-200 SMART CPU models due to improper handling of TCP packets with incorrect structures. This flaw can be exploited by an unauthenticated remote attacker to trigger a Denial of Service condition, leading to device unavailability. The only way to restore normal operations is to unplug and re-plug the network cable of the affected device. Users are advised to take necessary precautions to safeguard their networks and mitigate potential risks associated with this vulnerability.

Affected Version(s)

SIMATIC S7-200 SMART CPU CR40 0

SIMATIC S7-200 SMART CPU CR60 0

SIMATIC S7-200 SMART CPU SR20 0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
