CVE-2011-20001

Summary

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)0 < V2.0.3affected
SiemensSIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)0 < V2.0.3affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References