ID

VAR-202202-0370


CVE

CVE-2021-37205


TITLE

Missing Release of Memory after Effective Lifetime Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-005069

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Multiple Siemens products are vulnerable to a missing release of memory after its effective lifetime, which may result in a denial-of-service (DoS) condition.

The SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as the global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 CPU family products are designed for discrete and continuous control in industrial environments such as the global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 Software Controller is the SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates the S7-1200, S7-1500 and some other PLC derivatives, and includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. The TIM 1531 IRC is a communication module.

Several Siemens industrial products have denial-of-service vulnerabilities that attackers can exploit to create denial-of-service conditions in PLCs.

Trust: 2.16

sources: NVD: CVE-2021-37205 // JVNDB: JVNDB-2022-005069 // CNVD: CNVD-2022-10002

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-10002

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-1500 cpu 1516t-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518hf-4scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513r-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512c-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic drive controller cpu 1504d tfscope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511tf-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512c-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513prof-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510spscope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515t-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515tf-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515t-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511c-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515tf-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516tf-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518t-4scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516tf-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518t-4scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro fscope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512spf-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro fscope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512spf-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515r-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513pro-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516t-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215fcscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518hf-4scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212fcscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510spscope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517tf-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214fcscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513r-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517tf-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513prof-2scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511tf-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:eqversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215fcscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212fcscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511c-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic drive controller cpu 1507d tfscope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214fcscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513pro-2scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518tf-4scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512sp-1scope:gteversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:gteversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:ltversion:4.5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518tf-4scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512sp-1scope:ltversion:2.9.4

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:gteversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515r-2scope:gteversion:2.9.2

Trust: 1.0

vendor:シーメンスmodel:simatic et 200sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7 1200 cpu 1214fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic drive controller cpu 1504d tfscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1211cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7 1200 cpu 1212fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic drive controller cpu 1507d tfscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:tim 1531 ircscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1212cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope:gtversion:v2.5,<v2.9.2

Trust: 0.6

vendor:siemensmodel:simatic drive controller familyscope:ltversion:v2.9.4

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 cpu familyscope:gteversion:v4.5.0<v4.5.2

Trust: 0.6

vendor:siemensmodel:tim ircscope:eqversion:1531>=v2.2

Trust: 0.6

sources: CNVD: CNVD-2022-10002 // JVNDB: JVNDB-2022-005069 // NVD: CVE-2021-37205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37205
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2021-37205
value: HIGH

Trust: 1.0

NVD: CVE-2021-37205
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-10002
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202202-550
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-37205
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-10002
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-37205
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-005069
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-10002 // JVNDB: JVNDB-2022-005069 // CNNVD: CNNVD-202202-550 // NVD: CVE-2021-37205 // NVD: CVE-2021-37205

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:Missing release of memory after effective lifetime (CWE-401) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005069 // NVD: CVE-2021-37205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-550

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202202-550

PATCH

title:SSA-838121url:https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf

Trust: 0.8

title:Patch for Multiple Siemens Industrial Products Denial of Service Vulnerabilities (CNVD-2022-10002)url:https://www.cnvd.org.cn/patchInfo/show/318451

Trust: 0.6

title:Fix for the Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 input validation error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=181689

Trust: 0.6

sources: CNVD: CNVD-2022-10002 // JVNDB: JVNDB-2022-005069 // CNNVD: CNNVD-202202-550

EXTERNAL IDS

db:NVDid:CVE-2021-37205

Trust: 3.8

db:SIEMENSid:SSA-838121

Trust: 2.2

db:ICS CERTid:ICSA-22-041-01

Trust: 1.4

db:JVNid:JVNVU98748974

Trust: 0.8

db:JVNDBid:JVNDB-2022-005069

Trust: 0.8

db:CNVDid:CNVD-2022-10002

Trust: 0.6

db:CS-HELPid:SB2022021105

Trust: 0.6

db:AUSCERTid:ESB-2022.0605

Trust: 0.6

db:CNNVDid:CNNVD-202202-550

Trust: 0.6

sources: CNVD: CNVD-2022-10002 // JVNDB: JVNDB-2022-005069 // CNNVD: CNNVD-202202-550 // NVD: CVE-2021-37205

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37205

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98748974/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-01

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-denial-of-service-via-prepared-packets-37484

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0605

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021105

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-041-01

Trust: 0.6

sources: CNVD: CNVD-2022-10002 // JVNDB: JVNDB-2022-005069 // CNNVD: CNNVD-202202-550 // NVD: CVE-2021-37205

CREDITS

Gao Jian assisted the coordinated disclosure of these vulnerabilities with Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202202-550

SOURCES

db:CNVDid:CNVD-2022-10002
db:JVNDBid:JVNDB-2022-005069
db:CNNVDid:CNNVD-202202-550
db:NVDid:CVE-2021-37205

LAST UPDATE DATE

2024-08-14T12:22:53.167000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-10002date:2022-02-14T00:00:00
db:JVNDBid:JVNDB-2022-005069date:2023-05-16T08:46:00
db:CNNVDid:CNNVD-202202-550date:2023-04-12T00:00:00
db:NVDid:CVE-2021-37205date:2023-04-11T10:15:10.077

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-10002date:2022-02-14T00:00:00
db:JVNDBid:JVNDB-2022-005069date:2023-05-16T00:00:00
db:CNNVDid:CNNVD-202202-550date:2022-02-08T00:00:00
db:NVDid:CVE-2021-37205date:2022-02-09T16:15:13.393