Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2021-40368

Disclosure Date: April 12, 2022 •

CVE-2021-40368

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp.

This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

SIMATIC S7-400 CPU 412-1 DP V7 All versions

SIMATIC S7-400 CPU 412-2 DP V7 All versions

SIMATIC S7-400 CPU 412-2 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 414-2 DP V7 All versions

SIMATIC S7-400 CPU 414-3 DP V7 All versions

SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 416-2 DP V7 All versions

SIMATIC S7-400 CPU 416-3 DP V7 All versions

SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 416F-2 DP V7 All versions

SIMATIC S7-400 CPU 416F-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 417-4 DP V7 All versions

SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) All versions < V6.0.10

SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) All versions < V10.1

SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) All versions < V8.2.3

SIPLUS S7-400 CPU 414-3 PN/DP V7 All versions < V7.0.3

SIPLUS S7-400 CPU 416-3 PN/DP V7 All versions < V7.0.3

SIPLUS S7-400 CPU 416-3 V7 All versions

SIPLUS S7-400 CPU 417-4 V7 All versions

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

siemens

Products

References

Canonical

CVE-2021-40368 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40368)

Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf

Rapid7

Unknown

CVE-2021-40368

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-40368

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2021-40368

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-40368

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification