Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Plan Patch | 7.5 | SSA-549234 | Sep 14, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial-of-service vulnerability in Siemens SIMATIC NET CP communication processor modules allows an attacker to send malformed network traffic causing the device to become unresponsive until manually restarted. This affects availability and continuity of network-based automation and control systems. CP 343-1 variants (all versions) have no fix available; CP 443-1 and related modules are fixed in firmware version 3.3 and later.
What this means
What could happen
An attacker could send specially crafted network traffic to the CP module causing it to become unresponsive and stop processing communications until someone manually restarts it, interrupting your network connectivity and any dependent automation.
Who's at risk
Water and power utilities running Siemens SIMATIC CP 343-1 or CP 443-1 communication processor modules should care. These modules connect PLCs and automation equipment to plant networks and industrial Ethernet. Organizations running any CP 343-1 variant (all versions, no fix available) or CP 443-1 models with firmware older than V3.3 are at risk.
How it could be exploited
An attacker on the network sends malformed packets to the CP module's network interface. The module crashes or hangs due to improper input validation, requiring a manual restart to restore network operations. No credentials or special access are needed—the attack can be launched from anywhere with network connectivity to the device.
Prerequisites
- Network access to the CP module (typically port 102 for S7 communication or Ethernet port)
- No authentication required
remotely exploitable, no authentication required, low complexity attack, no fix available for CP 343-1 variants, high availability impact, affects network connectivity to critical systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (8)
4 with fix, 4 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC CP 443-1 | < V3.3 | 3.3 |
| SIMATIC CP 443-1 Advanced | < V3.3 | 3.3 |
| SIPLUS NET CP 443-1 | < V3.3 | 3.3 |
| SIPLUS NET CP 443-1 Advanced | < V3.3 | 3.3 |
| SIMATIC CP 343-1 (incl. SIPLUS variants) | All versions | No fix (EOL) |
| SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) | All versions | No fix (EOL) |
| SIMATIC CP 343-1 ERPC | All versions | No fix (EOL) |
| SIMATIC CP 343-1 Lean (incl. SIPLUS variants) | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
HARDENING: For CP 343-1 variants (all versions) where no fix is available, implement network segmentation and firewall rules to restrict access to the CP module to trusted engineering and automation networks only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
SIMATIC CP 443-1
HOTFIX: Update SIMATIC CP 443-1 and CP 443-1 Advanced modules to firmware version 3.3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC CP 343-1 (incl. SIPLUS variants), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean (incl. SIPLUS variants). Apply the following compensating controls:
HARDENING: Disable or restrict unused communication ports on the CP module if not required for operations
HARDENING: Monitor CP module availability and set up alerts for unexpected restarts, indicating possible attacks
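One way to implement the availability and restart monitoring recommended above, as an added example that is not part of the original advisory or any Siemens tooling. It assumes your monitoring system already polls each CP module and records an uptime value in seconds (for example, derived from SNMP sysUpTime); the poll data, thresholds and names (`detect`, `Alert`, `SAMPLE_POLLS`) are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample polls, not real device data:
# (poll time in epoch seconds, reported uptime in seconds or None on timeout).
SAMPLE_POLLS = [
    (1000, 86400), (1060, 86460),
    (1120, None), (1180, None), (1240, None),  # module stopped answering
    (1300, 35), (1360, 95),                    # answering again, uptime reset
    (1420, None),                              # one missed poll, below threshold
    (1480, 215),
]

@dataclass
class Alert:
    kind: str    # "unresponsive" or "restart"
    at: int      # timestamp of the poll that triggered the alert
    detail: str

def detect(polls, miss_threshold=3, slack_s=30):
    """Flag sustained outages and uptime resets in a series of polls."""
    alerts, misses = [], 0
    last_ts = last_up = None
    for ts, up in polls:
        if up is None:
            misses += 1
            if misses == miss_threshold:  # alert once per outage
                alerts.append(Alert("unresponsive", ts,
                                    f"{misses} consecutive polls unanswered"))
            continue
        # Uptime of a healthy module grows with wall-clock time; a value well
        # below that expectation means it restarted since the last answer.
        if last_up is not None and up + slack_s < last_up + (ts - last_ts):
            after = " after outage" if misses >= miss_threshold else ""
            alerts.append(Alert("restart", ts, f"uptime reset to {up}s{after}"))
        misses = 0
        last_ts, last_up = ts, up
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_POLLS):
        print(alert.at, alert.kind, alert.detail)
```

An "unresponsive" alert followed by a "restart" alert matches the behaviour the advisory describes: the module hangs until someone manually restarts it.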
CVEs (1)