CVE-2021-33737

Published: Sep 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD (Secondary)

Description

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

Affected (6)

Products: Siemens: Simatic Cp 343 1 Firmware, Simatic Cp 343 1 Advanced Firmware, Simatic Cp 343 1 Erpc Firmware, Simatic Cp 343 1 Lean Firmware, Simatic Cp 443 1 Firmware, Simatic Cp 443 1 Advanced Firmware

Siemens

6 products

Simatic Cp 343 1 Firmware

Simatic Cp 343 1 Advanced Firmware

Simatic Cp 343 1 Erpc Firmware

Simatic Cp 343 1 Lean Firmware

Simatic Cp 443 1 Firmware

Simatic Cp 443 1 Advanced Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 343 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp343 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 343 1 Advanced Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp343 1 Advanced	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 343 1 Erpc Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 343 1 Erpc	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 343 1 Lean Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 343 1 Lean	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 443 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 443 1	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 443 1 Advanced Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 443 1 Advanced	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.