Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 

1. EXECUTIVE SUMMARY

  • CVSS v4 8.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC S7-200 SMART devices
  • Vulnerability: Use of Insufficiently Random Values

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens programmable logic controllers are affected:

  • Siemens SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1): All versions
  • Siemens SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1): All versions
  • Siemens SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0): All versions
  • Siemens SIMATIC S7-200 SMART

    […]

    This article has been indexed from All CISA Advisories
