Full Report
A denial-of-service vulnerability was identified in several types of communication processors. An attacker could exploit it to make the device inoperable until it is restarted. Siemens has released updates for several affected products and recommends updating to the latest versions; for products where updates are not, or not yet, available, Siemens recommends specific countermeasures.
Analysis Summary
# Vulnerability: Denial-of-Service in SIMATIC NET CP Modules
## CVE Details
- **CVE ID:** CVE-2021-33737
- **CVSS Score:** 7.5 (High)
- **CWE:** CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
## Affected Systems
### Products
- **SIMATIC CP 343-1** (including SIPLUS variants)
- **SIMATIC CP 343-1 Advanced** (including SIPLUS variants)
- **SIMATIC CP 343-1 ERPC** (6GK7343-1FX00-0XE0)
- **SIMATIC CP 343-1 Lean** (including SIPLUS variants)
- **SIMATIC CP 443-1** (6GK7443-1EX30-0XE0 / 6GK7443-1EX30-0XE1)
- **SIMATIC CP 443-1 Advanced** (6GK7443-1GX30-0XE0)
- **SIPLUS NET CP 443-1** (6AG1443-1EX30-4XE0)
- **SIPLUS NET CP 443-1 Advanced** (6AG1443-1GX30-4XE0)
### Versions
- **CP 343-1 family** (CP 343-1, CP 343-1 Advanced, CP 343-1 ERPC, CP 343-1 Lean, including SIPLUS variants): all versions; no fix is planned
- **CP 443-1 family** (CP 443-1, CP 443-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced): all versions prior to V3.3
### Configurations
- The vulnerability is reachable only if port **102/tcp** (ISO-TSAP, the port used for S7 communication) on the module is open and reachable by the attacker.
## Vulnerability Description
The root cause is improper restriction of operations within the bounds of a memory buffer (CWE-119). An unauthenticated attacker who can reach port 102/tcp can send a specially crafted packet that causes the affected communication processor to become inoperable; the module stays in that state until it is restarted. No privileges or user interaction are required (the CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
## Exploitation
- **Status:** Proof-of-concept exploit code exists (CVSS temporal metric Exploit Code Maturity E:P)
- **Complexity:** Low (AC:L)
- **Attack Vector:** Network (AV:N); no privileges or user interaction required (PR:N, UI:N)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (the module becomes inoperable and stays so until it is restarted)
## Remediation
### Patches
Siemens recommends updating the following modules to **V3.3 or later**:
- SIMATIC CP 443-1 (6GK7443-1EX30-0XE0 and 6GK7443-1EX30-0XE1)
- SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)
- SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0)
- SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0)
### Workarounds
For the CP 343-1 family, where no fix is planned, and for CP 443-1 modules until the update to V3.3 has been applied:
- **Restrict Access:** Limit access to port 102/tcp to the engineering and management systems that legitimately need S7 communication with the module, for example with a firewall in front of the automation cell; block it from all other networks.
- **Network Segmentation:** Operate the devices in a protected IT environment according to Siemens' operational guidelines for industrial security, so that port 102/tcp is never reachable from office networks or the Internet.
## Detection
- **Symptoms of exploitation:** The module stops responding to network traffic and control commands, port 102/tcp no longer answers, and service returns only after a restart. There is no network indicator beyond the single malformed packet itself, so detection has to happen before or at the moment of delivery.
- **Detection Methods:** Monitor traffic to port 102/tcp on SIMATIC CP modules for malformed ISO-TSAP frames and for connections from sources outside the allow-list of engineering stations; log connection attempts at the cell firewall so that a blocked attempt is visible.
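Worked example added to this summary (it is not part of the Siemens advisory or of the report above): a small Python scanner that turns two of the measures listed here, the 102/tcp allow-list from the Workarounds section and the malformed-frame monitoring from this section, into checks run over constructed connection records. ISO-TSAP on 102/tcp is framed as RFC 1006 TPKT plus ISO 8073 COTP, so the framing check validates those two headers for internally inconsistent length fields and unknown PDU types. The crafted packet behind CVE-2021-33737 is not published in the advisory, so what counts as malformed here is an assumption about the framing layer, not a signature for the vulnerability; the trusted network, the addresses and the sample frames are all constructed.

```python
# Added example, not code from the Siemens advisory or from this report.
# Checks over captured 102/tcp traffic:
#   1. allow-list: a connection to 102/tcp from a source that is not a known
#      engineering/management station is reported (the "Restrict Access"
#      workaround turned into a detection);
#   2. framing: the RFC 1006 TPKT and ISO 8073 COTP headers that ISO-TSAP on
#      102/tcp carries are checked for inconsistent length fields.
# The crafted packet behind CVE-2021-33737 is not published, so the framing
# checks are an assumption about what "malformed" looks like at this layer,
# not a signature for the vulnerability. Addresses and frames are constructed.
import struct
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

TPKT_VERSION = 3
TPKT_HEADER_LEN = 4
# ISO 8073 (RFC 905) TPDU codes, high nibble of the second COTP byte.
COTP_CR, COTP_CC, COTP_DT = 0xE0, 0xD0, 0xF0
COTP_KNOWN = {COTP_CR, COTP_CC, COTP_DT, 0x80, 0xC0, 0x70}  # plus DR, DC, ER

# Assumed allow-list (constructed): the engineering/management stations that may
# open S7 connections to the CPs. Anything else talking to 102/tcp is reported.
TRUSTED_SOURCES = [ip_network("10.10.5.0/28")]


@dataclass
class Verdict:
    ok: bool
    reasons: list = field(default_factory=list)


def check_tpkt_cotp(frame: bytes) -> Verdict:
    """Validate RFC 1006 TPKT + COTP framing of one TCP payload seen on 102/tcp."""
    reasons = []
    if len(frame) < TPKT_HEADER_LEN:
        return Verdict(False, ["TPKT header truncated"])
    version, reserved, tpkt_len = struct.unpack("!BBH", frame[:TPKT_HEADER_LEN])
    if version != TPKT_VERSION:
        reasons.append(f"TPKT version {version} != {TPKT_VERSION}")
    if reserved != 0:
        reasons.append("TPKT reserved byte non-zero")
    if tpkt_len != len(frame):
        reasons.append(f"TPKT length {tpkt_len} != {len(frame)} bytes received")
    cotp = frame[TPKT_HEADER_LEN:]
    if len(cotp) < 2:
        reasons.append("COTP header truncated")
        return Verdict(False, reasons)
    li, code = cotp[0], cotp[1] & 0xF0  # LI counts the header bytes after itself
    if li + 1 > len(cotp):
        reasons.append(f"COTP LI {li} exceeds the {len(cotp) - 1} bytes available")
    if code == COTP_DT and li != 2:
        reasons.append(f"COTP DT with LI {li} (class 0 uses LI 2)")
    elif code in (COTP_CR, COTP_CC) and li < 6:
        reasons.append(f"COTP CR/CC with LI {li} (fixed part needs 6)")
    elif code not in COTP_KNOWN:
        reasons.append(f"unknown COTP TPDU code {code:#04x}")
    return Verdict(not reasons, reasons)


def source_trusted(src: str) -> bool:
    addr = ip_address(src)
    return any(addr in net for net in TRUSTED_SOURCES)


def scan(records):
    """records: iterable of (src_ip, dst_ip, dst_port, tcp_payload). Returns alert lines."""
    alerts = []
    for src, dst, dport, payload in records:
        if dport != 102:  # only ISO-TSAP traffic to the CPs is of interest here
            continue
        if not source_trusted(src):
            alerts.append(f"{src} -> {dst}:102 connection from non-allow-listed source")
        verdict = check_tpkt_cotp(payload)
        if not verdict.ok:
            alerts.append(f"{src} -> {dst}:102 malformed ISO-TSAP frame: "
                          + "; ".join(verdict.reasons))
    return alerts


# Constructed sample payloads (hex): a well-formed S7-style COTP Connection
# Request and Data TPDU, then three frames with inconsistent headers.
FRAMES = {
    "valid_cr": bytes.fromhex("0300001611e00000000100c1020100c2020102c0010a"),
    "valid_dt": bytes.fromhex("0300000702f080"),
    "bad_tpkt_length": bytes.fromhex("0300010011e00000000100c1020100c2020102c0010a"),
    "bad_cotp_li": bytes.fromhex("03000007ffe000"),
    "bad_version": bytes.fromhex("0200000702f080"),
}

# Constructed connection records: (src, dst, dst_port, payload).
RECORDS = [
    ("10.10.5.3", "10.10.20.11", 102, FRAMES["valid_cr"]),          # trusted, well-formed
    ("10.10.5.3", "10.10.20.11", 102, FRAMES["valid_dt"]),
    ("10.10.5.3", "10.10.20.11", 443, b"\x16\x03\x01"),             # not 102/tcp, ignored
    ("10.10.5.4", "10.10.20.11", 102, FRAMES["bad_tpkt_length"]),   # trusted but malformed
    ("192.168.77.9", "10.10.20.11", 102, FRAMES["valid_cr"]),       # untrusted source
    ("192.168.77.9", "10.10.20.11", 102, FRAMES["bad_cotp_li"]),    # untrusted and malformed
    ("10.10.5.5", "10.10.20.12", 102, FRAMES["bad_version"]),
]

if __name__ == "__main__":
    for line in scan(RECORDS):
        print(line)
```

Running the block prints five alerts: two for the non-allow-listed source and three for the frames whose TPKT or COTP headers disagree with the bytes on the wire. In a real deployment the records would come from a packet capture or a firewall log at the cell boundary; because a single packet is enough to disable the module, an alert from the allow-list check is the more actionable of the two, since it fires on the connection attempt rather than on the payload.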
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-549234[.]pdf
- **Technical Support:** hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109817938/
- **Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security