A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.
History

Tue, 10 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens simatic S7-200 Smart Cpu Cr20s
Siemens simatic S7-200 Smart Cpu Cr30s
Siemens simatic S7-200 Smart Cpu Cr40
Siemens simatic S7-200 Smart Cpu Cr40s
Siemens simatic S7-200 Smart Cpu Cr60
Siemens simatic S7-200 Smart Cpu Cr60s
Siemens simatic S7-200 Smart Cpu Sr20
Siemens simatic S7-200 Smart Cpu Sr30
Siemens simatic S7-200 Smart Cpu Sr40
Siemens simatic S7-200 Smart Cpu Sr60
Siemens simatic S7-200 Smart Cpu St20
Siemens simatic S7-200 Smart Cpu St30
Siemens simatic S7-200 Smart Cpu St40
Siemens simatic S7-200 Smart Cpu St60
CPEs cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr20s:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr30s:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr40:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr40s:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr60:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_cr60s:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr20:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr30:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr40:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_sr60:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st20:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st30:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st40:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st60:-:*:*:*:*:*:*:*
Vendors & Products Siemens
Siemens simatic S7-200 Smart Cpu Cr20s
Siemens simatic S7-200 Smart Cpu Cr30s
Siemens simatic S7-200 Smart Cpu Cr40
Siemens simatic S7-200 Smart Cpu Cr40s
Siemens simatic S7-200 Smart Cpu Cr60
Siemens simatic S7-200 Smart Cpu Cr60s
Siemens simatic S7-200 Smart Cpu Sr20
Siemens simatic S7-200 Smart Cpu Sr30
Siemens simatic S7-200 Smart Cpu Sr40
Siemens simatic S7-200 Smart Cpu Sr60
Siemens simatic S7-200 Smart Cpu St20
Siemens simatic S7-200 Smart Cpu St30
Siemens simatic S7-200 Smart Cpu St40
Siemens simatic S7-200 Smart Cpu St60
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 09:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:T/RC:C'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-09-10T09:36:49.879Z

Updated: 2024-09-10T14:52:35.401Z

Reserved: 2024-08-14T05:49:17.278Z

Link: CVE-2024-43647

cve-icon Vulnrichment

Updated: 2024-09-10T14:52:26.897Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-10T10:15:12.650

Modified: 2024-09-10T12:09:50.377

Link: CVE-2024-43647

cve-icon Redhat

No data.