CVE-2021-37186 — MEDIUM (5.4)

Q: How severe is CVE-2021-37186?

CVE-2021-37186 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-37186?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Logo\! Cmr2020 Firmware, Siemens Logo\! Cmr2020, Siemens Logo\! Cmr2040 Firmware, Siemens Logo\! Cmr2040, Siemens Simatic Rtu3010C Firmware.

Vulnerability Description

A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Logo\! Cmr2020 Firmware	< 2.2
Siemens	Logo\! Cmr2020	-
Siemens	Logo\! Cmr2040 Firmware	< 2.2
Siemens	Logo\! Cmr2040	-
Siemens	Simatic Rtu3010C Firmware	< 4.0.9
Siemens	Simatic Rtu3010C	All versions
Siemens	Simatic Rtu3030C Firmware	< 4.0.9
Siemens	Simatic Rtu3030C	All versions
Siemens	Simatic Rtu3031C Firmware	< 4.0.9
Siemens	Simatic Rtu3031C	All versions
Siemens	Simatic Rtu3041C Firmware	< 4.0.9
Siemens	Simatic Rtu3041C	All versions

Related Weaknesses (CWE)

CWE-330

References

https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdfPatchVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdfPatchVendor Advisory

FAQ

What is CVE-2021-37186?

CVE-2021-37186 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIM...

How severe is CVE-2021-37186?

CVE-2021-37186 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-37186?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Logo\! Cmr2020 Firmware, Siemens Logo\! Cmr2020, Siemens Logo\! Cmr2040 Firmware, Siemens Logo\! Cmr2040, Siemens Simatic Rtu3010C Firmware.