CVE-2021-33737 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-33737 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

EPSS 0.23% · 45.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C

EPSS Score

0.23%

45.4th percentile

Affected Products

Vendor	Product	Versions
Siemens	SIMATIC CP 443-1	All versions < V3.3, All versions < V3.3
Siemens	SIMATIC CP 343-1 (incl. SIPLUS variants)	All versions
siemens	simatic_cp_343-1_erpc_firmware
siemens	simatic_cp_343-1_advanced_firmware
Siemens	SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	All versions
siemens	simatic_cp_443-1_advanced_firmware
siemens	simatic_cp_443-1_firmware
Siemens	SIPLUS NET CP 443-1 Advanced	All versions < V3.3
siemens	simatic_cp_343-1_firmware
Siemens	SIMATIC CP 343-1 ERPC	All versions
siemens	simatic_cp_343-1_lean_firmware
Siemens	SIMATIC CP 343-1 Lean (incl. SIPLUS variants)	All versions
Siemens	SIPLUS NET CP 443-1	All versions < V3.3
Siemens	SIMATIC CP 443-1 Advanced	All versions < V3.3

Timeline

Apr 13, 2021 CVE Published
Sep 15, 2021 EPSS Score
Oct 5, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 7, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 5, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 26, 2022 EPSS Score
Aug 23, 2022 EPSS Score
Oct 19, 2022 EPSS Score

References

…and 2 more

Open in Interactive Console →