As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1200 CPU Family
- Vulnerabilities: Improper Resource Shutdown or Release, Improper Validation of Syntactic Correctness of Input
2. RISK EVALUATION
The affected devices do not correctly process certain special crafted packets sent to Port 80/tcp and Port 102/tcp, which could allow an attacker to cause a denial of service in the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports the following products are affected:
- Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): vers:all/<V4.7
- Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0): vers:all/<V4.7
- Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0): vers:all/<V4.7
- Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0): vers:all/<V4.7
- Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0): vers:all/<V4.7
- Siemens SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0): vers:all/<V4.7
- Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): vers:all/<V4.7
- Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: