CVE-2021-37205

CVSS V2 High 7.1 CVSS V3 High 7.5
Description
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.
Overview
  • CVE ID
  • CVE-2021-37205
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-02-09T16:15:13
  • Last Modified Date
  • 2023-04-11T10:15:10
Weakness Enumerations
CWE URL
CWE-401 http://cwe.mitre.org/data/definitions/401.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.4
cpe:2.3:h:siemens:simatic_drive_controller_cpu_1504d_tf:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.4
cpe:2.3:h:siemens:simatic_drive_controller_cpu_1507d_tf:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-plcsim_advanced_firmware:*:*:*:*:*:*:*:* 1 OR 4.0
cpe:2.3:o:siemens:simatic_s7-plcsim_advanced_firmware:4.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_s7-plcsim_advanced:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:* 1 OR 2.2
cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214fc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215fc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:* 1 OR 4.5.0 4.5.2
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511f-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_cpu_1513prof-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_cpu_1513prof-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_cpu_1513pro-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_cpu_1513pro-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515tf-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517tf-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518t-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.9.2 2.9.4
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.1
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf Patch Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-37205
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37205
History
Created Old Value New Value Data Type Notes
2022-05-10 06:27:01 Added to TrackCVE
2022-12-06 08:54:14 2022-02-09T16:15Z 2022-02-09T16:15:13 CVE Published Date updated
2022-12-06 08:54:14 2022-07-12T10:15:09 CVE Modified Date updated
2022-12-06 08:54:14 Modified Vulnerability Status updated
2023-04-11 12:11:46 2023-04-11T10:15:10 CVE Modified Date updated
2023-04-11 12:11:46 A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. Description updated