Siemens SIMATIC Industrial Products Operation On a Resource After Expiration or Release (CVE-2021-37204)

high Tenable OT Security Plugin ID 500614

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available:

- SIMATIC Drive Controller family: Update to v2.9.4 or later version

- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Update to v21.9.4 or later version

- SIMATIC S7-1200 CPU family: Update to v4.5.2 or later version
- SIMATIC S7-1500 CPU family: Update to v2.9.4 or later version

- SIMATIC S7-1500 Software Controller: Update to v21.9.4 or later version

- SIMATIC s7-PLCSIM Advanced: Update to v4.0 SP1 or later version

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information see Siemens Security Advisory SSA-838121

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-01

Plugin Details

Severity: High

ID: 500614

Version: 1.10

Type: remote

Family: Tenable.ot

Published: 3/21/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-37204

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511c-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1512c-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1510sp_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518t-4_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513pro-2_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215fc_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1513r-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214fc_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516t-3_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515r-2_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511t-1_firmware, cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513prof-2_firmware, cpe:/o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515t-2_firmware, cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 2/9/2022

Vulnerability Publication Date: 2/9/2022

Reference Information

CVE: CVE-2021-37204

CWE: 672

ICSA: 22-041-01