# SSA-676775: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices

Publication Date:     2021-05-11
Last Update:          2021-05-11
Current Version:      1.0
CVSS v3.1 Base Score: 7.5

SUMMARY
=======

A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets.

Siemens recommends specific countermeasures for products where updates are not, or not yet available.

AFFECTED PRODUCTS AND SOLUTION
==============================

* SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)
  - Affected versions: All versions
  - Remediation: See recommendations from section Workarounds and Mitigations
* SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)
  - Affected versions: All versions
  - Remediation: See recommendations from section Workarounds and Mitigations
* SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)
  - Affected versions: All versions
  - Remediation: See recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

* Limit access to TCP port 102 on affected devices to specific IP addresses e.g. with a firewall

GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

Communication Processor (CP) modules of families SIMATIC NET CP 343-1 and CP 443-1 have been designed to enable SIMATIC S7-300/S7-400 CPUs for Ethernet communication.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

* Vulnerability CVE-2020-25242

  Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

  CVSS v3.1 Base Score: 7.5
  CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:U
  CWE:                  CWE-400: Uncontrolled Resource Consumption

ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA
============

V1.0 (2021-05-11): Publication Date

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
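
The mitigation under WORKAROUNDS AND MITIGATIONS (limit TCP port 102 to specific IP addresses) only helps if the firewall rule actually holds, so the following added example, which is not part of the Siemens advisory, audits firewall log records for port-102 traffic to CP 343-1 devices from sources outside the allowlist. The device addresses, allowlist, CSV log layout and sample records are assumptions constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter

# Assumed values for illustration (documentation address ranges, not from the advisory).
CP_DEVICES = {ipaddress.ip_address("198.51.100.20"), ipaddress.ip_address("198.51.100.21")}
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.10/32"),   # engineering station
                   ipaddress.ip_network("192.0.2.32/28")]   # HMI / SCADA servers
S7_PORT = 102  # TCP port named in the advisory

# Constructed firewall log sample: time,src,dst,proto,dport,action
SAMPLE_LOG = """\
2021-05-12T08:00:01Z,192.0.2.10,198.51.100.20,tcp,102,accept
2021-05-12T08:00:05Z,192.0.2.35,198.51.100.21,tcp,102,accept
2021-05-12T08:01:10Z,203.0.113.7,198.51.100.20,tcp,102,accept
2021-05-12T08:01:11Z,203.0.113.7,198.51.100.20,tcp,102,accept
2021-05-12T08:02:00Z,203.0.113.9,198.51.100.21,tcp,102,drop
2021-05-12T08:02:30Z,203.0.113.7,198.51.100.20,tcp,80,accept
2021-05-12T08:03:00Z,192.0.2.50,198.51.100.99,tcp,102,accept
not,a,valid,record
"""

def audit_port_102(log_text):
    """Return (gaps, blocked): per (src, dst) counts of port-102 flows from
    non-allowlisted sources that were accepted (rule gap) or dropped."""
    gaps, blocked = Counter(), Counter()
    for row in csv.reader(log_text.splitlines()):
        try:
            _, src, dst, proto, dport, action = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # skip malformed records instead of aborting the audit
        if dst not in CP_DEVICES or proto != "tcp" or dport != S7_PORT:
            continue  # not traffic to a protected device's port 102
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # expected S7 communication partner
        (gaps if action == "accept" else blocked)[(str(src), str(dst))] += 1
    return dict(gaps), dict(blocked)

if __name__ == "__main__":
    gaps, blocked = audit_port_102(SAMPLE_LOG)
    for (src, dst), n in gaps.items():
        print(f"RULE GAP: {src} -> {dst}:102 accepted {n}x")
    for (src, dst), n in blocked.items():
        print(f"blocked:  {src} -> {dst}:102 dropped {n}x")
```

Any entry in the first result means the restriction is not in effect for that path; entries in the second show the rule working and identify sources worth following up.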