Lucene search

[email protected]NVD:CVE-2021-33737

HistorySep 14, 2021 - 11:15 a.m.

CVE-2021-33737

2021-09-1411:15:24

CWE-119

[email protected]

web.nvd.nist.gov

simatic cp 343-1

siplus variants

simatic cp 343-1 advanced

simatic cp 343-1 erpc

simatic cp 343-1 lean

simatic cp 443-1

siplus net cp 443-1

denial of service

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

Affected configurations

Nvd

Node

siemenssimatic_cp343-1Match-

AND

siemenssimatic_cp_343-1_firmware

Node

siemenssimatic_cp343-1_advancedMatch-

AND

siemenssimatic_cp_343-1_advanced_firmware

Node

siemenssimatic_cp_343-1_erpc

AND

siemenssimatic_cp_343-1_erpc_firmware

Node

siemenssimatic_cp_343-1_lean

AND

siemenssimatic_cp_343-1_lean_firmware

Node

siemenssimatic_cp_443-1

AND

siemenssimatic_cp_443-1_firmware

Node

siemenssimatic_cp_443-1_advanced

AND

siemenssimatic_cp_443-1_advanced_firmware

VendorProductVersionCPE
siemenssimatic_cp343-1-cpe:2.3:h:siemens:simatic_cp343-1:-:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_firmware*cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*
siemenssimatic_cp343-1_advanced-cpe:2.3:h:siemens:simatic_cp343-1_advanced:-:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_advanced_firmware*cpe:2.3:o:siemens:simatic_cp_343-1_advanced_firmware:*:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_erpc*cpe:2.3:h:siemens:simatic_cp_343-1_erpc:*:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_erpc_firmware*cpe:2.3:o:siemens:simatic_cp_343-1_erpc_firmware:*:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_lean*cpe:2.3:h:siemens:simatic_cp_343-1_lean:*:*:*:*:*:*:*:*
siemenssimatic_cp_343-1_lean_firmware*cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*
siemenssimatic_cp_443-1*cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*
siemenssimatic_cp_443-1_firmware*cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_cp343-1	-	cpe:2.3:h:siemens:simatic_cp343-1:-:::::::*
siemens	simatic_cp_343-1_firmware	*	cpe:2.3:o:siemens:simatic_cp_343-1_firmware::::::::
siemens	simatic_cp343-1_advanced	-	cpe:2.3:h:siemens:simatic_cp343-1_advanced:-:::::::*
siemens	simatic_cp_343-1_advanced_firmware	*	cpe:2.3:o:siemens:simatic_cp_343-1_advanced_firmware::::::::
siemens	simatic_cp_343-1_erpc	*	cpe:2.3:h:siemens:simatic_cp_343-1_erpc::::::::
siemens	simatic_cp_343-1_erpc_firmware	*	cpe:2.3:o:siemens:simatic_cp_343-1_erpc_firmware::::::::
siemens	simatic_cp_343-1_lean	*	cpe:2.3:h:siemens:simatic_cp_343-1_lean::::::::
siemens	simatic_cp_343-1_lean_firmware	*	cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware::::::::
siemens	simatic_cp_443-1	*	cpe:2.3:h:siemens:simatic_cp_443-1::::::::
siemens	simatic_cp_443-1_firmware	*	cpe:2.3:o:siemens:simatic_cp_443-1_firmware::::::::

Rows per page:

1-10 of 121

References

cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

Related for NVD:CVE-2021-33737

cvelist1 cnvd1 ics1 nessus1 prion1 cve1