CVE-2024-43647 – This vulnerability affects multiple SIMATIC S7-... (How to Fix)

Q: What is the severity of CVE-2024-43647?

CVE-2024-43647 has a CVSS score of 7.5 (HIGH). This vulnerability affects multiple SIMATIC S7-200 SMART CPU models where improper handling of malformed TCP packets can cause denial of service. An unauthenticated remote attacker can crash the device, requiring physical intervention (unplugging and re-plugging the network cable) to restore functionality. Industrial control system operators using these specific Siemens PLCs are affected.

📋 TL;DR

This vulnerability affects multiple SIMATIC S7-200 SMART CPU models where improper handling of malformed TCP packets can cause denial of service. An unauthenticated remote attacker can crash the device, requiring physical intervention (unplugging and re-plugging the network cable) to restore functionality. Industrial control system operators using these specific Siemens PLCs are affected.

💻 Affected Systems

Products:

SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0)
SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0)
SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0)
SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1)
SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0)
SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1)
SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0)
SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1)
SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0)
SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1)
SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0)
SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1)
SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0)
SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1)
SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0)
SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1)
SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0)
SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1)

Versions: All versions

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All listed CPU models in their standard configurations are vulnerable. This affects industrial control systems using these specific Siemens PLCs.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Critical industrial processes are disrupted, requiring physical access to restart devices, potentially causing production downtime, safety issues, or equipment damage.

🟠

Likely Case

Temporary denial of service affecting PLC operations until network cable is physically reset, disrupting automated processes.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated control network segments.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if devices are directly internet-accessible.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability description suggests straightforward exploitation via malformed TCP packets without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-969738.html

Restart Required: No

Instructions:

No official patch is available. Siemens recommends implementing network security measures as workarounds. Monitor the vendor advisory for updates.

🔧 Temporary Workarounds

Network Segmentation and Firewall Rules

all

Isolate affected PLCs in dedicated control network segments and restrict TCP traffic to trusted sources only.

Access Control Lists

all

Implement network ACLs to block all unnecessary TCP traffic to affected devices from untrusted networks.

🧯 If You Can't Patch

Implement strict network segmentation to isolate PLCs from general corporate networks and the internet.
Deploy industrial firewalls or network intrusion prevention systems to detect and block malformed TCP packets.

🔍 How to Verify

Check if Vulnerable:

Check device model numbers against the affected products list. If using any listed SIMATIC S7-200 SMART CPU model, the device is vulnerable.

Check Version:

Check device labeling or use Siemens TIA Portal software to identify CPU model and firmware version.

Verify Fix Applied:

No patch available to verify. Verify workarounds by testing network isolation and access controls.

📡 Detection & Monitoring

Log Indicators:

PLC communication failures
Unexpected device restarts
Network connectivity loss logs

Network Indicators:

Unusual TCP traffic patterns to PLC ports
Malformed TCP packets detected by network security tools

SIEM Query:

Search for network traffic to PLC IP addresses with abnormal TCP flags or packet structures.

📊 Metadata

CVE ID: CVE-2024-43647

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: September 10, 2024

Last Updated: September 10, 2024

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-969738.html

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43647, you might also want to check these: