Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31340

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Published

2021-06-08T20:15:08.853

Last Modified

2024-11-21T06:05:27.063

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	simatic_rf166c_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf166c	-	No
Operating System	siemens	simatic_rf185c_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf185c	-	No
Operating System	siemens	simatic_rf186c_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf186c	-	No
Operating System	siemens	simatic_rf186ci_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf186ci	-	No
Operating System	siemens	simatic_rf188c_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf188c	-	No
Operating System	siemens	simatic_rf188ci_firmware	< 1.3.2	Yes
Hardware	siemens	simatic_rf188ci	-	No
Operating System	siemens	simatic_rf360r_firmware	< 2.0	Yes
Hardware	siemens	simatic_rf360r	-	No
Operating System	siemens	simatic_reader_rf610r_cmiit_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf610r_cmiit	-	No
Operating System	siemens	simatic_reader_rf610r_etsi_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf610r_etsi	-	No
Operating System	siemens	simatic_reader_rf610r_fcc_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf610r_fcc	-	No
Operating System	siemens	simatic_reader_rf615r_cmiit_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf615r_cmiit	-	No
Operating System	siemens	simatic_reader_rf615r_etsi_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf615r_etsi	-	No
Operating System	siemens	simatic_reader_rf615r_fcc_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf615r_fcc	-	No
Operating System	siemens	simatic_reader_rf650r_cmiit_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf650r_cmiit	-	No
Operating System	siemens	simatic_reader_rf650r_etsi_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf650r_etsi	-	No
Operating System	siemens	simatic_reader_rf650r_fcc_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf650r_fcc	-	No
Operating System	siemens	simatic_reader_rf650r_arib_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf650r_arib	-	No
Operating System	siemens	simatic_reader_rf680r_cmiit_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf680r_cmiit	-	No
Operating System	siemens	simatic_reader_rf680r_etsi_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf680r_etsi	-	No
Operating System	siemens	simatic_reader_rf680r_fcc_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf680r_fcc	-	No
Operating System	siemens	simatic_reader_rf680r_arib_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf680r_arib	-	No
Operating System	siemens	simatic_reader_rf685r_cmiit_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf685r_cmiit	-	No
Operating System	siemens	simatic_reader_rf685r_etsi_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf685r_etsi	-	No
Operating System	siemens	simatic_reader_rf685r_fcc_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf685r_fcc	-	No
Operating System	siemens	simatic_reader_rf685r_arib_firmware	< 4.0	Yes
Hardware	siemens	simatic_reader_rf685r_arib	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf Mitigation, Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)