CVE-2024-35292
June 11, 2024, 1:54 p.m.
8.2
High
Description
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition.
Product(s) Impacted
| Product | Versions |
|---|---|
| SIMATIC S7-200 SMART CPU |
|
| SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) |
|
| SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) |
|
| SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) |
|
| SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) |
|
| SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) |
|
| SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) |
|
| SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) |
|
| SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) |
|
| SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) |
|
| SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) |
|
| SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) |
|
| SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) |
|
| SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) |
|
| SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) |
|
| SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) |
|
| SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) |
|
| SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) |
|
| SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: NONE
- Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Timeline
Published: June 11, 2024, 12:15 p.m.
Last Modified: June 11, 2024, 1:54 p.m.
Last Modified: June 11, 2024, 1:54 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
productcert@siemens.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.