ID
VAR-202409-0292
CVE
CVE-2024-43647
TITLE
Siemens SIMATIC S7-200 SMART Devices Denial of Service Vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged. The S7-200 SMART series is a series of micro programmable logic controllers that can control a variety of small automation applications
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | simatic s7-200 smart cpu st30 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu st40 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu st60 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu sr20 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu sr30 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu sr40 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu sr60 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu st20 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | simatic s7-200 smart cpu cr40 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-200 smart cpu cr60 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.0 |
PATCH
| title: | Patch for Siemens SIMATIC S7-200 SMART Devices Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/590381 | Trust: 0.6 |
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-969738 | Trust: 1.6 |
| db: | NVD | id: | CVE-2024-43647 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-38004 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-969738.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-38004 |
| db: | NVD | id: | CVE-2024-43647 |
LAST UPDATE DATE
2024-09-14T22:48:01.845000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-38004 | date: | 2024-09-12T00:00:00 |
| db: | NVD | id: | CVE-2024-43647 | date: | 2024-09-10T12:09:50.377 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-38004 | date: | 2024-09-13T00:00:00 |
| db: | NVD | id: | CVE-2024-43647 | date: | 2024-09-10T10:15:12.650 |