Key Information

Vulnerability Description
Vulnerability ID: SSA-969738
Vulnerability Type: Denial of Service (DoS) Vulnerability
Affected Product: SIMATIC S7-200 SMART Devices
Description: If TCP packets sent to the device have a specific structure, it may lead to service disruption.

Impact Scope
Affected Versions: SIMATIC S7-200 SMART CPU family
Remediation Status: No remediation plan is currently available.

Workarounds and Mitigations
Recommended Actions: Restrict network access to trusted users and systems only.
Workarounds: Follow general security recommendations.

General Security Recommendations
Recommended Actions: Operate the device in a protected IT environment and configure the environment according to Siemens’ industrial security operation guidelines.
Recommended Actions: Follow recommendations provided in the product manual.

Product Description
Product Description: Describes the features of SIMATIC S7-200 SMART Devices.

Vulnerability Details
Vulnerability ID: CVE-2024-43647
Description: The device improperly handles TCP packets with malformed structures, potentially causing service disruption.
CVSS Score:
- CVSS v3.1 Base Score: 7.5
- CVSS v4.0 Base Score: 8.7
CWE: CWE-400: Uncontrolled Resource Consumption

Additional Information
Contact: For further inquiries regarding security vulnerabilities in Siemens products and solutions, contact Siemens Product CERT.
Historical Data: Version 1.0 (2024-09-10): Release Date
Terms of Use: Siemens security advisories are subject to Siemens’ terms of use.

Summary
This security advisory describes a DoS vulnerability affecting SIMATIC S7-200 SMART Devices. It recommends restricting network access and following general security best practices to mitigate the risk.