CVE-2021-40368

CVSS 7.5 · High EPSS 0.44% · P63 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-40368

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

内存缓冲区边界内操作的限制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Siemens SIMATIC S7-400 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens SIMATIC S7-400是德国西门子（Siemens）公司的一款用于制造和过程自动化领域的可编程逻辑控制器产品。 Siemens SIMATIC S7-400 CPU 存在缓冲区错误漏洞，该漏洞源于产品缺少对于输入的验证。攻击者利用该漏洞可以进行拒绝服务攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	SIMATIC S7-400 CPU 412-1 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 412-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 412-2 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 414-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 414-3 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 414-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 414F-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 416-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416-3 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 416F-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416F-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 417-4 DP V7	All versions	-
Siemens	SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	All versions < V6.0.10	-
Siemens	SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)	All versions < V10.1	-
Siemens	SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)	All versions < V8.2.3	-
Siemens	SIPLUS S7-400 CPU 414-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIPLUS S7-400 CPU 416-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIPLUS S7-400 CPU 416-3 V7	All versions	-
Siemens	SIPLUS S7-400 CPU 417-4 V7	All versions	-

II. Public POCs for CVE-2021-40368

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-40368

请登录查看更多情报信息。

Same Patch Batch · Siemens · 2022-04-12 · 25 CVEs total

CVE-2022-25622	5.3 MEDIUM	多款Siemens SIMATIC产品资源管理错误漏洞
CVE-2022-26334		Siemens SCALANCE安全漏洞
CVE-2022-28663		Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28662		Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28661		Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28329		Siemens SCALANCE输入验证错误漏洞
CVE-2022-28328		Siemens SCALANCE 输入验证错误漏洞
CVE-2022-27481		Siemens SCALANCE竞争条件问题漏洞
CVE-2022-27480		Siemens SICAM 访问控制错误漏洞
CVE-2022-27241		Siemens Mendix 信息泄露漏洞
CVE-2022-27194		多款Siemens SIMATIC 产品资源管理错误漏洞
CVE-2022-26380		多款 Siemens 产品缓冲区错误漏洞
CVE-2022-26335		多款 Siemens 产品安全漏洞
CVE-2022-25756		多款 Siemens 产品跨站脚本漏洞
CVE-2022-25755		Siemens SCALANCE 安全漏洞
CVE-2022-25754		多款 Siemens 产品跨站请求伪造漏洞
CVE-2022-25753		多款 Siemens 产品缓冲区错误漏洞
CVE-2022-25752		多款 Siemens 产品安全特征问题漏洞
CVE-2022-25751		多款 Siemens 产品输入验证错误漏洞
CVE-2022-25650		Siemens Mendix 安全漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Siemens

Same weakness: CWE-119

V. Comments for CVE-2021-40368

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-40368

I. Basic Information for CVE-2021-40368

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-40368

III. Intelligence Information for CVE-2021-40368

Same Patch Batch · Siemens · 2022-04-12 · 25 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-40368

Leave a comment