Vulnetix
Try Vulnetix Request Demo
SSA-674753 PUBLISHED CVSS 7.5 HIGH

Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0)
SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)
SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0)
SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0)
SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0)
SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)
SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0)
SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)
SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0)
SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0)
SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0)
SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0)
SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)
SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0)
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0)
SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)

Timeline

References

Open in Interactive Console →