CVE-2021-37186
First published: Tue Sep 14 2021(Updated: )
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Logo\! Cmr2020 Firmware | <2.2 | |
| Siemens Logo\! Cmr2020 | ||
| Siemens Logo\! Cmr2040 Firmware | <2.2 | |
| Siemens Logo\! Cmr2040 | ||
| Siemens Simatic Rtu3010c Firmware | <4.0.9 | |
| Siemens Simatic Rtu3010c | ||
| Siemens Simatic Rtu3030c Firmware | <4.0.9 | |
| Siemens Simatic Rtu3030c | ||
| Siemens Simatic Rtu3031c Firmware | <4.0.9 | |
| Siemens Simatic Rtu3031c | ||
| Siemens Simatic Rtu3041c Firmware | <4.0.9 | |
| Siemens Simatic Rtu3041c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-37186.
Which products are affected by this vulnerability?
This vulnerability affects LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), and SIMATIC RTU3041C (All versions < V4.0.9).
What is the severity rating of this vulnerability?
This vulnerability has a severity rating of 5.4 (Medium).
How can I fix this vulnerability?
To fix this vulnerability, update LOGO! CMR2020, LOGO! CMR2040, SIMATIC RTU3010C, SIMATIC RTU3030C, SIMATIC RTU3031C, and SIMATIC RTU3041C to versions equal or greater than V2.2 and V4.0.9 respectively.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: [Siemens Security Advisory SSA-316383](https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf)
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens logo\! cmr2020 firmware
- canonical/siemens logo\! cmr2020
- canonical/siemens logo\! cmr2040 firmware
- canonical/siemens logo\! cmr2040
- canonical/siemens simatic rtu3010c firmware
- canonical/siemens simatic rtu3010c
- canonical/siemens simatic rtu3030c firmware
- canonical/siemens simatic rtu3030c
- canonical/siemens simatic rtu3031c firmware
- canonical/siemens simatic rtu3031c
- canonical/siemens simatic rtu3041c firmware
- canonical/siemens simatic rtu3041c