Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC S7-200 SMART Devices
  • Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Siemens SIMATIC S7-200 SMART Devices are affected:

  • SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions
  • SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0): All Versions
  • SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1): All Versions
  • SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0): All

    […]
    Content was cut in order to protect the source.Please visit the source for the rest of the article.

    This article has been indexed from All CISA Advisories

    Read the original article: