CVE-2021-40368
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp.
This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.
Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-400 H V6 (incluidas las variantes SIPLUS) (todas las versiones anteriores a V6.0.10), la familia de CPUs SIMATIC S7-400 PN/DP V7 (incluidas las variantes SIPLUS) (todas las versiones), la familia de CPUs SIMATIC S7-410 V10 (incluidas las variantes SIPLUS) (todas las versiones anteriores a V10.1) y la familia de CPUs SIMATIC S7-410 V8 (incluidas las variantes SIPLUS) (todas las versiones anteriores a V8.2.3). Los dispositivos afectados manejan incorrectamente paquetes especialmente diseñados enviados al puerto 102/tcp. Esto podría permitir a un atacante crear una condición de denegación de servicio. Se necesita un reinicio para restaurar las operaciones normales
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-01 CVE Reserved
- 2022-04-12 CVE Published
- 2023-11-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf | 2023-04-11 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Simatic S7-400h V6 Firmware Search vendor "Siemens" for product "Simatic S7-400h V6 Firmware" | < 6.0.10 Search vendor "Siemens" for product "Simatic S7-400h V6 Firmware" and version " < 6.0.10" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-400h V6 Search vendor "Siemens" for product "Simatic S7-400h V6" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Simatic S7-400 Pn\/dp V7 Firmware Search vendor "Siemens" for product "Simatic S7-400 Pn\/dp V7 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-400 Pn\/dp V7 Search vendor "Siemens" for product "Simatic S7-400 Pn\/dp V7" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Simatic S7-410 V8 Firmware Search vendor "Siemens" for product "Simatic S7-410 V8 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-410 V8 Search vendor "Siemens" for product "Simatic S7-410 V8" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Simatic S7-410 V10 Firmware Search vendor "Siemens" for product "Simatic S7-410 V10 Firmware" | < 10.1 Search vendor "Siemens" for product "Simatic S7-410 V10 Firmware" and version " < 10.1" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-410 V10 Search vendor "Siemens" for product "Simatic S7-410 V10" | - | - |
Safe
|