ID

VAR-202212-1312


CVE

CVE-2021-44694


TITLE

Improper validation vulnerability for specified types of input in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-020592

DESCRIPTION

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, are vulnerable to improper validation of specified types of input.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network. A denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device

Trust: 2.16

sources: NVD: CVE-2021-44694 // JVNDB: JVNDB-2021-020592 // CNVD: CNVD-2022-87983

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-87983

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-1500 cpu 1517tf-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1217cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513r-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 15prof-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513prof-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pcscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510spscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515tf-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515t-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1508s fscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1214cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214 fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1508sscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 151511f-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1215fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512cscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 151511c-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cp 1543sp-1 isecscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518tf-4scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512sp-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1212cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:ltversion:5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 15pro-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro fscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus s7-1200 cp 1243-1 railscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512spf-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3 dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515r-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu cpu 1513pro-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516t-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511cscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3 dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518hf-4scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516pro-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cp 1543sp-1 isec tx railscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cp 1542sp-1 irc tx railscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus s7-1200 cp 1243-1scope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512c-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1214fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511tf-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dp mfpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511c-1scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1507s fscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215 fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516tf-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518t-4scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1211cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1215cscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pnscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4 pn\/dpscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2scope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1507sscope:ltversion:3.0.1

Trust: 1.0

vendor:siemensmodel:siplus tim 1531 ircscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 12 1212fcscope:ltversion:4.6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3scope:ltversion:3.0.1

Trust: 1.0

vendor:シーメンスmodel:simatic s7-1200 cpu 1212cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1215fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1217cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1211cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1212fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1214fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1215cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1214cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1215 fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1215cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1214fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siplus s7-1200 cp 1243-1 railscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1212fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1217cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1214cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1214 fcscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1211cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 12 1212cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpu 1215fcscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic drive controller familyscope:ltversion:v3.0.1

Trust: 0.6

sources: CNVD: CNVD-2022-87983 // JVNDB: JVNDB-2021-020592 // NVD: CVE-2021-44694

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2021-44694
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2021-44694
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-020592
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-87983
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202212-2985
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-87983
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2021-44694
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2021-44694
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-020592
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-87983 // JVNDB: JVNDB-2021-020592 // CNNVD: CNNVD-202212-2985 // NVD: CVE-2021-44694 // NVD: CVE-2021-44694

PROBLEMTYPE DATA

problemtype:CWE-1287

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Improper validation for input of specified type (CWE-1287) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020592 // NVD: CVE-2021-44694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2985

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2985

PATCH

title:Patch for Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87983)url:https://www.cnvd.org.cn/patchInfo/show/372471

Trust: 0.6

title:Siemens SIMATIC Drive Controller Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=245495

Trust: 0.6

sources: CNVD: CNVD-2022-87983 // CNNVD: CNNVD-202212-2985

EXTERNAL IDS

db:NVDid:CVE-2021-44694

Trust: 3.8

db:SIEMENSid:SSA-382653

Trust: 3.0

db:ICS CERTid:ICSA-22-349-03

Trust: 1.4

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNDBid:JVNDB-2021-020592

Trust: 0.8

db:CNVDid:CNVD-2022-87983

Trust: 0.6

db:CNNVDid:CNNVD-202212-2985

Trust: 0.6

sources: CNVD: CNVD-2022-87983 // JVNDB: JVNDB-2021-020592 // CNNVD: CNNVD-202212-2985 // NVD: CVE-2021-44694

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-44694

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-03

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-382653.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-44694/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-349-03

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-four-vulnerabilities-40092

Trust: 0.6

sources: CNVD: CNVD-2022-87983 // JVNDB: JVNDB-2021-020592 // CNNVD: CNNVD-202212-2985 // NVD: CVE-2021-44694

CREDITS

Gao Jian reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202212-2985

SOURCES

db:CNVDid:CNVD-2022-87983
db:JVNDBid:JVNDB-2021-020592
db:CNNVDid:CNNVD-202212-2985
db:NVDid:CVE-2021-44694

LAST UPDATE DATE

2024-08-14T12:47:24.800000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-87983date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2021-020592date:2023-11-29T01:31:00
db:CNNVDid:CNNVD-202212-2985date:2023-07-12T00:00:00
db:NVDid:CVE-2021-44694date:2023-09-12T10:15:13.027

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-87983date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2021-020592date:2023-11-29T00:00:00
db:CNNVDid:CNNVD-202212-2985date:2022-12-13T00:00:00
db:NVDid:CVE-2021-44694date:2022-12-13T16:15:14.840