CVE-2021-33737

Summary

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC CP 343-1 (incl. SIPLUS variants)All versionsaffected
SiemensSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)All versionsaffected
SiemensSIMATIC CP 343-1 ERPCAll versionsaffected
SiemensSIMATIC CP 343-1 Lean (incl. SIPLUS variants)All versionsaffected
SiemensSIMATIC CP 443-1All versions < V3.3affected
SiemensSIMATIC CP 443-1All versions < V3.3affected
SiemensSIMATIC CP 443-1 AdvancedAll versions < V3.3affected
SiemensSIPLUS NET CP 443-1All versions < V3.3affected
SiemensSIPLUS NET CP 443-1 AdvancedAll versions < V3.3affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

References