As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-200 SMART devices
- Vulnerability: Use of Insufficiently Random Values
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens programmable logic controllers are affected:
- Siemens SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1): All versions
- Siemens SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1): All versions
- Siemens SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1): All versions
- Siemens SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1): All versions
- Siemens SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0): All versions
- Siemens SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1): All versions
- Siemens SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0): All versions
- Siemens SIMATIC S7-200 SMART
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.