CVE-2021-31340

Summary

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RF166CAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF185CAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF186CAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF186CIAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF188CAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF188CIAll versions > V1.1 and < V1.3.2affected
SiemensSIMATIC RF360RAll versions < V2.0affected
SiemensSIMATIC Reader RF610R CMIITAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF610R ETSIAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF610R FCCAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF615R CMIITAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF615R ETSIAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF615R FCCAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF650R ARIBAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF650R CMIITAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF650R ETSIAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF650R FCCAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF680R ARIBAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF680R CMIITAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF680R ETSIAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF680R FCCAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF685R ARIBAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF685R CMIITAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF685R ETSIAll versions > V3.0 < V4.0affected
SiemensSIMATIC Reader RF685R FCCAll versions > V3.0 < V4.0affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References