CVE-2021-31340

moderate-risk
Published 2021-06-08

A vulnerability has been identified in the following products:

SIMATIC RF166C (All versions > V1.1 and < V1.3.2)
SIMATIC RF185C (All versions > V1.1 and < V1.3.2)
SIMATIC RF186C (All versions > V1.1 and < V1.3.2)
SIMATIC RF186CI (All versions > V1.1 and < V1.3.2)
SIMATIC RF188C (All versions > V1.1 and < V1.3.2)
SIMATIC RF188CI (All versions > V1.1 and < V1.3.2)
SIMATIC RF360R (All versions < V2.0)
SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0)
SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0)
SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0)
SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0)
SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0)
SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0)
SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0)
SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0)
SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0)
SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0)
SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0)
SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0)
SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0)
SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0)
SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0)
SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0)
SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0)
SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0)

Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Do I need to act?

0.48% chance of exploitation
EPSS score: low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Simatic Rf166C Firmware
Simatic Rf185C Firmware
Simatic Rf186C Firmware
Simatic Rf186Ci Firmware
Simatic Rf188C Firmware
Simatic Rf188Ci Firmware
Simatic Rf360R Firmware
Simatic Reader Rf610R Cmiit Firmware
Simatic Reader Rf610R Etsi Firmware
Simatic Reader Rf610R Fcc Firmware
Simatic Reader Rf615R Cmiit Firmware
Simatic Reader Rf615R Etsi Firmware
Simatic Reader Rf615R Fcc Firmware
Simatic Reader Rf650R Cmiit Firmware
Simatic Reader Rf650R Etsi Firmware
Simatic Reader Rf650R Fcc Firmware
Simatic Reader Rf650R Arib Firmware
Simatic Reader Rf680R Cmiit Firmware
Simatic Reader Rf680R Etsi Firmware
Simatic Reader Rf680R Fcc Firmware

Affected Vendors

49 / 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 21/34 · High