Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Monitor | CVSS 7.5 | SSA-676775 | May 11, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial-of-service vulnerability in SIMATIC NET CP 343-1 devices allows an attacker to crash or freeze the device's TCP port 102 by sending specially crafted packets. The vulnerability affects all versions of the Advanced, Lean, and Standard variants (including SIPLUS ruggedized versions). No vendor patch is available.
What this means
What could happen
An attacker could disrupt communication over TCP port 102, potentially stopping data transfer between your PLCs, HMIs, and engineering workstations, halting normal plant operations until the device is rebooted.
Who's at risk
Water authorities, electric utilities, and manufacturing plants using SIMATIC NET CP 343-1 communication modules (Advanced, Lean, or Standard variants) for PLC and industrial control network connectivity. This includes ruggedized SIPLUS versions used in harsh environments.
How it could be exploited
An attacker on your network or with internet access to port 102 sends specially crafted TCP packets to a CP 343-1 device. The device's TCP stack becomes unresponsive, blocking legitimate communications. The device must be rebooted to restore service.
Prerequisites
- Network access to TCP port 102 on the CP 343-1 device
- No credentials required
remotely exploitable, no authentication required, low complexity, no patch available, high CVSS score (7.5)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) | All versions | No fix (EOL)
SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) | All versions | No fix (EOL)
SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to TCP port 102 using firewall rules; only permit connections from known engineering workstations and control system devices
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants). Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate CP 343-1 devices on a separate VLAN with restricted inter-VLAN routing
HARDENING: Monitor TCP port 102 for unusual traffic patterns or connection attempts from unexpected sources
HARDENING: Follow Siemens operational guidelines for Industrial Security and implement recommended network protections
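One way to implement the port 102 monitoring control above, as an added example that is not part of the advisory or any Siemens tooling. The flow-record format, the allowlisted networks, the device addresses and the burst threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed values (constructed for this example, not from the advisory).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.10.1.0/28", "10.10.2.15/32")]
CP_DEVICES = {ipaddress.ip_address(a) for a in ("10.10.5.20", "10.10.5.21")}
PORT = 102
WINDOW_SECONDS = 10
BURST_THRESHOLD = 5  # connections per source per window

# Constructed flow records, one new connection per line: "epoch src dst dport"
SAMPLE_FLOWS = """\
1700000000 10.10.1.5 10.10.5.20 102
1700000003 10.10.2.15 10.10.5.21 102
1700000010 192.168.50.7 10.10.5.20 102
1700000012 10.10.1.5 10.10.5.20 443
1700000020 10.10.1.9 10.10.5.21 102
1700000021 10.10.1.9 10.10.5.21 102
1700000022 10.10.1.9 10.10.5.21 102
1700000023 10.10.1.9 10.10.5.21 102
1700000024 10.10.1.9 10.10.5.21 102
1700000030 192.168.50.7 10.10.9.9 102
"""

def analyze(text):
    """Return alerts for port-102 connections to CP 343-1 modules."""
    alerts = []
    per_window = defaultdict(Counter)  # src -> {window index: connection count}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        ts, dport = int(fields[0]), int(fields[3])
        src, dst = ipaddress.ip_address(fields[1]), ipaddress.ip_address(fields[2])
        if dport != PORT or dst not in CP_DEVICES:
            continue
        if not any(src in net for net in ALLOWED_SOURCES):
            alerts.append(("unexpected_source", str(src), str(dst), ts))
        window = ts // WINDOW_SECONDS
        per_window[src][window] += 1
        # Alert once per source and window, when the count reaches the threshold.
        if per_window[src][window] == BURST_THRESHOLD:
            alerts.append(("connection_burst", str(src), str(dst), ts))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

The burst check also applies to allowlisted sources, since a misbehaving engineering workstation can trigger the same condition as an unknown host.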
CVEs (1)