CVE-2020-25242

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

Se ha identificado una vulnerabilidad en SIMATIC NET CP 343-1 Advanced (incluyendo variantes SIPLUS) (todas las versiones), SIMATIC NET CP 343-1 Lean (incluyendo variantes SIPLUS) (todas las versiones), SIMATIC NET CP 343-1 Standard ( incl. variantes SIPLUS) (todas las versiones). Los paquetes especialmente diseñados enviados hacia el puerto TCP 102 podrían causar una condición de Denegación de Servicio en los dispositivos afectados. Puede ser necesario un reinicio en frío para recuperarse

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-09-10 CVE Reserved
2021-05-12 CVE Published
2024-01-26 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (2)

URL	Tag	Source
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-07	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf	2021-12-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Advanced Firmware Search vendor "Siemens" for product "Simatic Net Cp 343-1 Advanced Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Advanced Search vendor "Siemens" for product "Simatic Net Cp 343-1 Advanced"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Lean Firmware Search vendor "Siemens" for product "Simatic Net Cp 343-1 Lean Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Lean Search vendor "Siemens" for product "Simatic Net Cp 343-1 Lean"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Standard Firmware Search vendor "Siemens" for product "Simatic Net Cp 343-1 Standard Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Net Cp 343-1 Standard Search vendor "Siemens" for product "Simatic Net Cp 343-1 Standard"	-	-	Safe