CVE-2021-40365
high-risk
Published 2022-12-13
Affected devices don't correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
Do I need to act?
0.19% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (20)
Simatic S7-Plcsim Advanced Firmware
Simatic S7-1200 Cpu 1211C Firmware
Simatic S7-1200 Cpu 1212C Firmware
Simatic S7-1200 Cpu 1212Fc Firmware
Simatic S7-1200 Cpu 1214 Fc Firmware
Simatic S7-1200 Cpu 1214C Firmware
Simatic S7-1200 Cpu 1214Fc Firmware
Simatic S7-1200 Cpu 1215 Fc Firmware
Simatic S7-1200 Cpu 1215C Firmware
Simatic S7-1200 Cpu 1215Fc Firmware
Simatic S7-1200 Cpu 1217C Firmware
Simatic S7-1200 Cpu 12 1211C Firmware
Simatic S7-1200 Cpu 12 1212C Firmware
Simatic S7-1200 Cpu 12 1212Fc Firmware
Simatic S7-1200 Cpu 12 1214C Firmware
Simatic S7-1200 Cpu 12 1214Fc Firmware
Simatic S7-1200 Cpu 12 1215C Firmware
Simatic S7-1200 Cpu 12 1215Fc Firmware
Simatic S7-1200 Cpu 12 1217C Firmware
Siplus S7-1200 Cp 1243-1 Rail Firmware
Affected Vendors
57 / 100 · high-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
30/34 · Critical