1. Home
  2. CVE Database
  3. CVE-2021-37205
HIGH · 7.5

CVE-2021-37205

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9...

Vulnerability Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
SiemensSimatic Drive Controller Cpu 1504D Tf Firmware< 2.9.4
SiemensSimatic Drive Controller Cpu 1504D Tf-
SiemensSimatic Drive Controller Cpu 1507D Tf Firmware< 2.9.4
SiemensSimatic Drive Controller Cpu 1507D Tf-
SiemensSimatic Et 200Sp Open Controller Cpu 1515Sp Pc2 FirmwareAll versions
SiemensSimatic Et 200Sp Open Controller Cpu 1515Sp Pc2-
SiemensSimatic S7-Plcsim Advanced Firmware< 4.0
SiemensSimatic S7-Plcsim Advanced-
SiemensTim 1531 Irc Firmware>= 2.2
SiemensTim 1531 Irc-
SiemensSimatic S7-1500 Software ControllerAll versions
SiemensSimatic S7-1200 Cpu 1211C Firmware>= 4.5.0, < 4.5.2
SiemensSimatic S7-1200 Cpu 1211C-
SiemensSimatic S7-1200 Cpu 1212C Firmware>= 4.5.0, < 4.5.2
SiemensSimatic S7-1200 Cpu 1212C-
SiemensSimatic S7-1200 Cpu 1212Fc Firmware>= 4.5.0, < 4.5.2
SiemensSimatic S7-1200 Cpu 1212Fc-
SiemensSimatic S7-1200 Cpu 1214Fc Firmware>= 4.5.0, < 4.5.2
SiemensSimatic S7-1200 Cpu 1214Fc-
SiemensSimatic S7-1200 Cpu 1214C Firmware>= 4.5.0, < 4.5.2

Related Weaknesses (CWE)

CWE-401

References

FAQ

What is CVE-2021-37205?

CVE-2021-37205 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9...

How severe is CVE-2021-37205?

CVE-2021-37205 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-37205?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Drive Controller Cpu 1504D Tf Firmware, Siemens Simatic Drive Controller Cpu 1504D Tf, Siemens Simatic Drive Controller Cpu 1507D Tf Firmware, Siemens Simatic Drive Controller Cpu 1507D Tf, Siemens Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware.