CVE-2018-4850 - A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (

CVE-2018-4850

Summary

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

References

Vulnerable Configurations

cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2019 - 23:41)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	104217
confirm	https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications

Last major update

09-10-2019 - 23:41

Published

16-05-2018 - 17:29

Last modified

09-10-2019 - 23:41