CVE-2021-33737

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in Siemens SIMATIC CP industrial communication modules allows remote attackers to crash affected devices by sending specially crafted packets to TCP port 102. The vulnerability affects multiple SIMATIC CP product families, requiring a device restart to restore normal operations.

💻 Affected Systems

Products:
  • SIMATIC CP 343-1
  • SIMATIC CP 343-1 Advanced
  • SIMATIC CP 343-1 ERPC
  • SIMATIC CP 343-1 Lean
  • SIMATIC CP 443-1
  • SIMATIC CP 443-1 Advanced
  • SIPLUS NET CP 443-1
  • SIPLUS NET CP 443-1 Advanced
Versions: All versions for CP 343-1 variants; All versions < V3.3 for CP 443-1 variants
Operating Systems: Embedded firmware on Siemens industrial devices
Default Config Vulnerable: ⚠️ Yes
Notes: SIPLUS variants are also affected. Port 102/tcp is the standard Siemens S7 communication port.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service requiring physical restart of industrial control system components, potentially disrupting manufacturing or industrial processes.

🟠 Likely Case

Temporary disruption of network communications to affected CP modules until manual restart is performed.

🟢 If Mitigated

No impact if devices are properly segmented and protected from untrusted network traffic.

🌐 Internet-Facing: HIGH - Directly exposed devices can be easily targeted via port 102.
🏢 Internal Only: MEDIUM - Requires internal network access but exploitation is straightforward.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted packets to port 102/tcp. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V3.3 for CP 443-1 variants; No patch available for CP 343-1 variants

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Siemens Industry Online Support.
2. Follow Siemens firmware update procedures for affected CP modules.
3. Restart devices after update.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to port 102/tcp using firewall rules to only trusted systems.

Network Monitoring

all

Implement network monitoring for anomalous traffic patterns on port 102.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks.
  • Deploy intrusion detection systems to monitor for exploitation attempts on port 102.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via Siemens TIA Portal or STEP 7 software.

Check Version:

Use Siemens TIA Portal or STEP 7 to read device information and firmware version.

Verify Fix Applied:

Verify firmware version is V3.3 or higher for CP 443-1 variants. No fix available for CP 343-1 variants.

📡 Detection & Monitoring

Log Indicators:

  • Device restart logs
  • Communication failure logs on port 102

Network Indicators:

  • Anomalous traffic patterns to port 102/tcp
  • Multiple connection attempts to port 102

SIEM Query:

destination_port:102 AND (packet_size:anomalous OR connection_rate:high)
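
The network indicators above, expressed as detection logic over flow records. This is an added example, not part of the Siemens advisory or any vendor tooling; the record format, the trusted subnet, the threshold and the window are assumptions to adapt to your own environment.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

S7_PORT = 102  # 102/tcp, the port named in the advisory
# Assumed values (not from the advisory): engineering subnet, rate threshold, window.
TRUSTED_NETS = [ipaddress.ip_network("10.10.20.0/24")]
MAX_CONNS = 5
WINDOW = timedelta(seconds=10)

# Constructed sample flow records: "timestamp src dst dport proto", time-ordered.
SAMPLE_FLOWS = [
    "2024-01-01T08:00:00 10.10.20.5 10.10.30.11 102 tcp",    # trusted station
    "2024-01-01T08:00:01 10.10.20.5 10.10.30.11 443 tcp",    # not port 102, ignored
    "2024-01-01T08:00:02 192.168.50.9 10.10.30.11 102 tcp",  # outside trusted subnet
] + [f"2024-01-01T08:01:{s:02d} 10.10.20.77 10.10.30.12 102 tcp" for s in range(7)]

def parse_flow(line):
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(src), dst, int(dport), proto

def analyze(lines):
    """Return (untrusted, bursts) for new connections to 102/tcp."""
    untrusted, bursts = [], []
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside WINDOW
    flagged = set()              # report each bursting pair only once
    for line in lines:
        ts, src, dst, dport, proto = parse_flow(line)
        if proto != "tcp" or dport != S7_PORT:
            continue
        if not any(src in net for net in TRUSTED_NETS):
            untrusted.append((str(src), dst, ts.isoformat()))
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop connections older than the window
            q.popleft()
        if len(q) > MAX_CONNS and (src, dst) not in flagged:
            flagged.add((src, dst))
            bursts.append((str(src), dst, len(q)))
    return untrusted, bursts

if __name__ == "__main__":
    untrusted, bursts = analyze(SAMPLE_FLOWS)
    print("untrusted sources to 102/tcp:", untrusted)
    print("connection bursts to 102/tcp:", bursts)
```

A burst is reported even when the source is inside the trusted subnet, since a compromised or misconfigured engineering station would pass a source-address check alone.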
