CVE-2014-5074 - Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denia

CVE-2014-5074

Summary

Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.

References

Vulnerable Configurations

cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.5.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1511-1_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1511-1_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1513-1_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1513-1_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1515-2_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1515-2_pn_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1516-3_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1516-3_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1516f-3_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1516f-3_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1518-4_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1518-4_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1518f-4_pn\/dp_cpu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1518f-4_pn\/dp_cpu:-:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 25-05-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

confirm	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-310688.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf
exploit-db	44693
misc	https://ics-cert.us-cert.gov/advisories/ICSA-14-226-01

Last major update

25-05-2018 - 01:29

Published

17-08-2014 - 23:55

Last modified

25-05-2018 - 01:29