CVE-2021-37186

Published: Sep 14, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.

Affected (6)

Products: Siemens: Logo! Cmr2020 Firmware, Logo! Cmr2040 Firmware, Simatic Rtu3010c Firmware, Simatic Rtu3030c Firmware, Simatic Rtu3031c Firmware, Simatic Rtu3041c Firmware

Siemens

6 products

Logo! Cmr2020 Firmware

Logo! Cmr2040 Firmware

Simatic Rtu3010c Firmware

Simatic Rtu3030c Firmware

Simatic Rtu3031c Firmware

Simatic Rtu3041c Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Logo! Cmr2020 Firmware	Before 2.2

Running on/with	Platform Versions
Siemens Logo! Cmr2020	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Logo! Cmr2040 Firmware	Before 2.2

Running on/with	Platform Versions
Siemens Logo! Cmr2040	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3010c Firmware	Before 4.0.9

Running on/with	Platform Versions
Siemens Simatic Rtu3010c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3030c Firmware	Before 4.0.9

Running on/with	Platform Versions
Siemens Simatic Rtu3030c	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3031c Firmware	Before 4.0.9

Running on/with	Platform Versions
Siemens Simatic Rtu3031c	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3041c Firmware	Before 4.0.9

Running on/with	Platform Versions
Siemens Simatic Rtu3041c	All versions

Related CWEs

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.