CVE-2021-37205 is a vulnerability in Siemens Simatic S7 1500 Software Controller
Published on February 9, 2022
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.
Weakness Type
What is a Memory Leak Vulnerability?
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
CVE-2021-37205 has been classified as a Memory Leak vulnerability or weakness.
Products Associated with CVE-2021-37205
Affected Versions
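- Siemens SIMATIC Drive Controller family: all versions >= V2.9.2 < V2.9.4 are affected.
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): all versions >= V21.9 < V21.9.4 are affected.
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants): all versions >= V4.5.0 < V4.5.2 are affected.
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): all versions >= V2.9.2 < V2.9.4 are affected.
- SIMATIC S7-1500 Software Controller: all versions >= V21.9 < V21.9.4 are affected.
- SIMATIC S7-PLCSIM Advanced: all versions >= V4.0 < V4.0 SP1 are affected.
- SIPLUS TIM 1531 IRC: all versions < V2.3.6 are affected.
- TIM 1531 IRC: all versions < V2.3.6 are affected.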
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.