CVE-2024-43647

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

High

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-14 CVE Reserved
2024-09-10 CVE Published
2024-09-10 CVE Updated
2024-09-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (1)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/html/ssa-969738.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU CR40 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU CR40"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU CR40" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU CR60 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU CR60"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU CR60" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR20 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR20"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR20" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR20 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR20"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR20" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR30 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR30"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR30" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR30 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR30"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR30" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR40 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR40"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR40" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR40 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR40"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR40" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR60 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR60"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR60" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU SR60 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR60"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU SR60" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST20 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST20"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST20" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST20 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST20"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST20" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST30 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST30"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST30" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST30 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST30"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST30" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST40 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST40"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST40" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST40 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST40"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST40" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST60 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST60"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST60" and version "0"		en		Affected
Siemens Search vendor "Siemens"		SIMATIC S7-200 SMART CPU ST60 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST60"				0 Search vendor "Siemens" for product "SIMATIC S7-200 SMART CPU ST60" and version "0"		en		Affected