All the vulnerabilites related to Siemens - SIMATIC S7-400 CPU 412-2 DP V7
cve-2018-16557
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-08-05 10:24
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
Impacted products
Vendor Product Version
Siemens SIMATIC S7-400 CPU 412-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 417-4 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.9
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-410 CPU family (incl. SIPLUS variants) Version: All versions < V8.2.1
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 V7 Version: All versions
Siemens SIPLUS S7-400 CPU 417-4 V7 Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:32.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-1 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 417-4 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 417-4 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in  SIMATIC S7-400 CPU 412-1 DP V7 (All versions),  SIMATIC S7-400 CPU 412-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:51:01.652Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-16557",
    "datePublished": "2018-12-13T16:00:00",
    "dateReserved": "2018-09-06T00:00:00",
    "dateUpdated": "2024-08-05T10:24:32.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16556
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-08-05 10:24
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
Impacted products
Vendor Product Version
Siemens SIMATIC S7-400 CPU 412-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 417-4 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.9
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-410 CPU family (incl. SIPLUS variants) Version: All versions < V8.2.1
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 V7 Version: All versions
Siemens SIPLUS S7-400 CPU 417-4 V7 Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:32.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-1 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 417-4 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 417-4 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in  SIMATIC S7-400 CPU 412-1 DP V7 (All versions),  SIMATIC S7-400 CPU 412-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:51:00.586Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-16556",
    "datePublished": "2018-12-13T16:00:00",
    "dateReserved": "2018-09-06T00:00:00",
    "dateUpdated": "2024-08-05T10:24:32.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40368
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-04 02:44
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.
Impacted products
Vendor Product Version
Siemens SIMATIC S7-400 CPU 412-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 412-2 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 414-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-2 DP V7 Version: All versions
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 417-4 DP V7 Version: All versions
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.10
Siemens SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) Version: All versions < V10.1
Siemens SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) Version: All versions < V8.2.3
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 V7 Version: All versions
Siemens SIPLUS S7-400 CPU 417-4 V7 Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-1 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 412-2 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-2 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 417-4 DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.10"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V10.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 417-4 V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in  SIMATIC S7-400 CPU 412-1 DP V7 (All versions),  SIMATIC S7-400 CPU 412-2 DP V7 (All versions),  SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions \u003c V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp.\n\nThis could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:03.176Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-40368",
    "datePublished": "2022-04-12T09:07:23",
    "dateReserved": "2021-09-01T00:00:00",
    "dateUpdated": "2024-08-04T02:44:09.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}