All the vulnerabilites related to Siemens - SIMATIC CP 443-1
cve-2021-33737
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Summary
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.
Impacted products
Vendor Product Version
Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 343-1 ERPC Version: All versions
Siemens SIMATIC CP 343-1 Lean (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: All versions < V3.3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 ERPC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:01:52.372Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-33737",
    "datePublished": "2021-09-14T10:47:38",
    "dateReserved": "2021-05-28T00:00:00",
    "dateUpdated": "2024-08-03T23:58:22.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-13946
Vulnerability from cvelistv5
Published
2020-02-11 15:36
Modified
2024-08-05 00:05
Summary
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.
Impacted products
Vendor Product Version
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 Version: All Versions < V4.5
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P Version: All Versions < V4.6
Siemens PROFINET Driver for Controller Version: All Versions < V2.1
Siemens RUGGEDCOM RM1224 family Version: All versions < V4.3
Siemens SCALANCE M804PB Version: All versions < V4.3
Siemens SCALANCE M812-1 ADSL-Router Version: All versions < V4.3
Siemens SCALANCE M812-1 ADSL-Router Version: All versions < V4.3
Siemens SCALANCE M816-1 ADSL-Router Version: All versions < V4.3
Siemens SCALANCE M816-1 ADSL-Router Version: All versions < V4.3
Siemens SCALANCE M826-2 SHDSL-Router Version: All versions < V4.3
Siemens SCALANCE M874-2 Version: All versions < V4.3
Siemens SCALANCE M874-3 Version: All versions < V4.3
Siemens SCALANCE M876-3 Version: All versions < V4.3
Siemens SCALANCE M876-3 (ROK) Version: All versions < V4.3
Siemens SCALANCE M876-4 (EU) Version: All versions < V4.3
Siemens SCALANCE M876-4 (NAM) Version: All versions < V4.3
Siemens SCALANCE S615 LAN-Router Version: All versions < V4.3
Siemens SCALANCE W-700 IEEE 802.11n family Version: All versions <= V6.0.1
Siemens SCALANCE X200-4P IRT Version: All Versions < V5.3
Siemens SCALANCE X201-3P IRT Version: All Versions < V5.3
Siemens SCALANCE X201-3P IRT PRO Version: All Versions < V5.3
Siemens SCALANCE X202-2IRT Version: All Versions < V5.3
Siemens SCALANCE X202-2P IRT Version: All Versions < V5.3
Siemens SCALANCE X202-2P IRT PRO Version: All Versions < V5.3
Siemens SCALANCE X204-2 Version: All versions < V5.2.5
Siemens SCALANCE X204-2FM Version: All versions < V5.2.5
Siemens SCALANCE X204-2LD Version: All versions < V5.2.5
Siemens SCALANCE X204-2LD TS Version: All versions < V5.2.5
Siemens SCALANCE X204-2TS Version: All versions < V5.2.5
Siemens SCALANCE X204IRT Version: All Versions < V5.3
Siemens SCALANCE X204IRT PRO Version: All Versions < V5.3
Siemens SCALANCE X206-1 Version: All versions < V5.2.5
Siemens SCALANCE X206-1LD Version: All versions < V5.2.5
Siemens SCALANCE X208 Version: All versions < V5.2.5
Siemens SCALANCE X208PRO Version: All versions < V5.2.5
Siemens SCALANCE X212-2 Version: All versions < V5.2.5
Siemens SCALANCE X212-2LD Version: All versions < V5.2.5
Siemens SCALANCE X216 Version: All versions < V5.2.5
Siemens SCALANCE X224 Version: All versions < V5.2.5
Siemens SCALANCE X302-7 EEC (230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (230V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (24V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 230V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 24V) Version: All versions < V4.1.4
Siemens SCALANCE X304-2FE Version: All versions < V4.1.4
Siemens SCALANCE X306-1LD FE Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (230V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (24V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 230V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 24V) Version: All versions < V4.1.4
Siemens SCALANCE X307-3 Version: All versions < V4.1.4
Siemens SCALANCE X307-3 Version: All versions < V4.1.4
Siemens SCALANCE X307-3LD Version: All versions < V4.1.4
Siemens SCALANCE X307-3LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2 Version: All versions < V4.1.4
Siemens SCALANCE X308-2 Version: All versions < V4.1.4
Siemens SCALANCE X308-2LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH+ Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH+ Version: All versions < V4.1.4
Siemens SCALANCE X308-2M Version: All versions < V4.1.4
Siemens SCALANCE X308-2M Version: All versions < V4.1.4
Siemens SCALANCE X308-2M PoE Version: All versions < V4.1.4
Siemens SCALANCE X308-2M PoE Version: All versions < V4.1.4
Siemens SCALANCE X308-2M TS Version: All versions < V4.1.4
Siemens SCALANCE X308-2M TS Version: All versions < V4.1.4
Siemens SCALANCE X310 Version: All versions < V4.1.4
Siemens SCALANCE X310 Version: All versions < V4.1.4
Siemens SCALANCE X310FE Version: All versions < V4.1.4
Siemens SCALANCE X310FE Version: All versions < V4.1.4
Siemens SCALANCE X320-1 FE Version: All versions < V4.1.4
Siemens SCALANCE X320-1-2LD FE Version: All versions < V4.1.4
Siemens SCALANCE X408-2 Version: All versions < V4.1.4
Siemens SCALANCE XB-200 family Version: All Versions < V3.0
Siemens SCALANCE XC-200 Version: All Versions < V3.0
Siemens SCALANCE XF-200BA Version: All Versions < V3.0
Siemens SCALANCE XF201-3P IRT Version: All Versions < V5.3
Siemens SCALANCE XF202-2P IRT Version: All Versions < V5.3
Siemens SCALANCE XF204 Version: All versions < V5.2.5
Siemens SCALANCE XF204-2 Version: All versions < V5.2.5
Siemens SCALANCE XF204-2BA IRT Version: All Versions < V5.3
Siemens SCALANCE XF204IRT Version: All Versions < V5.3
Siemens SCALANCE XF206-1 Version: All versions < V5.2.5
Siemens SCALANCE XF208 Version: All versions < V5.2.5
Siemens SCALANCE XM-400 family Version: All Versions < V6.0
Siemens SCALANCE XP-200 Version: All Versions < V3.0
Siemens SCALANCE XR-300WG family Version: All Versions < V3.0
Siemens SCALANCE XR-500 family Version: All Versions < V6.0
Siemens SCALANCE XR324-12M (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M TS (24V) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M TS (24V) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) Version: All versions < V4.1.4
Siemens SIMATIC CP 1616 and CP 1604 Version: All Versions < V2.8
Siemens SIMATIC CP 343-1 Version: All versions
Siemens SIMATIC CP 343-1 Advanced Version: All versions
Siemens SIMATIC CP 343-1 ERPC Version: All versions
Siemens SIMATIC CP 343-1 Lean Version: All versions
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: 0   < V3.3
Siemens SIMATIC CP 443-1 OPC UA Version: All versions
Siemens SIMATIC ET 200AL IM 157-1 PN Version: All versions
Siemens SIMATIC ET 200M IM 153-4 PN IO HF (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC ET 200M IM 153-4 PN IO ST (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIMATIC ET 200MP IM 155-5 PN ST Version: 0   < V4.1.0
Siemens SIMATIC ET 200pro IM 154-3 PN HF Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-4 PN HF Version: All versions
Siemens SIMATIC ET 200SP IM 155-6 PN BA Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIMATIC ET 200SP IM 155-6 PN ST Version: 0   < V4.1.0
Siemens SIMATIC ET 200SP IM 155-6 PN ST BA Version: 0   < V4.1.0
Siemens SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 4AO U/I 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN: IO-Link Master Version: All versions
Siemens SIMATIC ET200S (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC IPC Support, Package for VxWorks Version: 0   < *
Siemens SIMATIC MV420 SR-B Version: 0   < V7.0.6
Siemens SIMATIC MV420 SR-B Body Version: 0   < V7.0.6
Siemens SIMATIC MV420 SR-P Version: 0   < V7.0.6
Siemens SIMATIC MV420 SR-P Body Version: 0   < V7.0.6
Siemens SIMATIC MV440 HR Version: 0   < V7.0.6
Siemens SIMATIC MV440 SR Version: 0   < V7.0.6
Siemens SIMATIC MV440 UR Version: 0   < V7.0.6
Siemens SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) Version: All Versions
Siemens SIMATIC RF180C Version: All versions
Siemens SIMATIC RF182C Version: All versions
Siemens SIMATIC RF600R family Version: All versions < V3
Siemens SIMOTION C Version: All versions < V4.5
Siemens SIMOTION D Version: All versions < V4.5
Siemens SIMOTION P Version: All versions < V4.5
Siemens SINAMICS DCP Version: All Versions < V1.3
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN ST Version: 0   < V4.1.0
Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS NET CP 343-1 Version: All versions
Siemens SIPLUS NET CP 343-1 Advanced Version: All versions
Siemens SIPLUS NET CP 343-1 Lean Version: All versions
Siemens SIPLUS NET CP 443-1 Version: 0   < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS NET SCALANCE X308-2 Version: All versions < V4.1.4
Siemens SOFTNET-IE PNIO Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-13946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T18:06:01.358486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T18:06:09.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V4.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V4.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PROFINET Driver for Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W-700 IEEE 802.11n family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V6.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X304-2FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X306-1LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X320-1 FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X320-1-2LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X408-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB-200 family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC-200",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF-200BA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM-400 family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V6.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP-200",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR-300WG family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR-500 family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V6.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1616 and CP 1604",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V2.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 ERPC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Lean",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 OPC UA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200AL IM 157-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200M IM 153-4 PN IO HF (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200M IM 153-4 PN IO ST (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-3 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-4 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN: IO-Link Master",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200S (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC Support, Package for VxWorks",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV420 SR-B",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV420 SR-B Body",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV420 SR-P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV420 SR-P Body",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV440 HR",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV440 SR",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC MV440 UR",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF180C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF182C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF600R family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION P",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1 Lean",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SOFTNET-IE PNIO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T12:03:58.088Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-13946",
    "datePublished": "2020-02-11T15:36:10",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-08-05T00:05:44.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-43716
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2024-09-10 09:33
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.
Impacted products
Vendor Product Version
Siemens SIMATIC CP 1243-1 Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE EU Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE US Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-8 IRC Version: 0   < V3.4.29
Siemens SIMATIC CP 1542SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 1542SP-1 IRC Version: 0   < V2.3
Siemens SIMATIC CP 1543SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Version: 0   < V2.3
Siemens SIPLUS NET CP 1242-7 V2 Version: 0   < V3.4.29
Siemens SIPLUS NET CP 443-1 Version: 0   < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS S7-1200 CP 1243-1 Version: 0   < V3.4.29
Siemens SIPLUS S7-1200 CP 1243-1 RAIL Version: 0   < V3.4.29
Siemens SIPLUS TIM 1531 IRC Version: 0   < V2.3.6
Siemens TIM 1531 IRC Version: 0   < V2.3.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_443-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_443-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_443-1_advanced",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1242-7_gprs_v2",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1_dnp3",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1_iec",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-7_lte_eu",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-7_lte_us",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-8:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-8",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1542sp-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1542sp-1_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1543sp-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1542sp-1_irc_tx_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1543sp-1_isec",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1543sp-1_isec_tx_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_443-1_advanced",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_1242-7_v2",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_s7-1200_cp_1243-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_s7-1200_cp_1243-1_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_tim_1531_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_tim_1531_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.3.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T14:12:55.560896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T14:35:43.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE US",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-8 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1543SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:31.854Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43716",
    "datePublished": "2023-04-11T09:02:49.383Z",
    "dateReserved": "2022-10-24T05:19:12.272Z",
    "dateUpdated": "2024-09-10T09:33:31.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-4843
Vulnerability from cvelistv5
Published
2018-03-20 14:00
Modified
2024-08-05 05:18
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.
Impacted products
Vendor Product Version
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC CP 343-1 (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: All versions < V3.3
Siemens SIMATIC ET 200pro IM154-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8FX PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions < V1.7.0
Siemens SIMATIC S7-1500 Software Controller Version: All versions < V1.7.0
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.9
Siemens SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.7
Siemens SIMATIC S7-410 CPU family (incl. SIPLUS variants) Version: All versions < V8.1
Siemens SIMATIC WinAC RTX 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinAC RTX F 2010 Version: All versions < V2010 SP3
Siemens SINUMERIK 828D Version: All versions < V4.7 SP6 HF1
Siemens SIPLUS ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS NET CP 443-1 Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: All versions < V3.3
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens Softnet PROFINET IO for PC-based Windows systems Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.7.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.7.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP6 HF1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Softnet PROFINET IO for PC-based Windows systems",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V1.7.0), SIMATIC S7-1500 Software Controller (All versions \u003c V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.1), SIMATIC WinAC RTX 2010 (All versions \u003c V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions \u003c V2010 SP3), SINUMERIK 828D (All versions \u003c V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.\r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:50:59.460Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4843",
    "datePublished": "2018-03-20T14:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-43767
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2024-09-10 09:33
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.
Impacted products
Vendor Product Version
Siemens SIMATIC CP 1243-1 Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE EU Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE US Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-8 IRC Version: 0   < V3.4.29
Siemens SIMATIC CP 1542SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 1542SP-1 IRC Version: 0   < V2.3
Siemens SIMATIC CP 1543SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Version: 0   < V2.3
Siemens SIPLUS NET CP 1242-7 V2 Version: 0   < V3.4.29
Siemens SIPLUS NET CP 443-1 Version: 0   < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS S7-1200 CP 1243-1 Version: 0   < V3.4.29
Siemens SIPLUS S7-1200 CP 1243-1 RAIL Version: 0   < V3.4.29
Siemens SIPLUS TIM 1531 IRC Version: 0   < V2.3.6
Siemens TIM 1531 IRC Version: 0   < V2.3.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1542sp-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1542sp-1_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1543sp-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_443-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_443-1_advanced",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1542sp-1_irc_tx_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1543sp-1_isec",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_et_200sp_cp_1543sp-1_isec_tx_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_1242-7_v2",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_443-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_net_cp_443-1_advanced",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_s7-1200_cp_1243-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1242-7_v2",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1_dnp3",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-1_iec",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-7_lte_eu",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-7_lte_us",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cp_1243-8_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_s7-1200_cp_1243-1_rail",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_tim_1531_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tim_1531_irc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.3.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T19:11:06.737320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T20:11:32.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE US",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-8 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1543SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-833",
              "description": "CWE-833: Deadlock",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:33.351Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43767",
    "datePublished": "2023-04-11T09:02:50.497Z",
    "dateReserved": "2022-10-26T11:27:16.347Z",
    "dateUpdated": "2024-09-10T09:33:33.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-43768
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2024-09-10 09:33
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.
Impacted products
Vendor Product Version
Siemens SIMATIC CP 1243-1 Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE EU Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-7 LTE US Version: 0   < V3.4.29
Siemens SIMATIC CP 1243-8 IRC Version: 0   < V3.4.29
Siemens SIMATIC CP 1542SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 1542SP-1 IRC Version: 0   < V2.3
Siemens SIMATIC CP 1543SP-1 Version: 0   < V2.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Version: 0   < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Version: 0   < V2.3
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Version: 0   < V2.3
Siemens SIPLUS NET CP 1242-7 V2 Version: 0   < V3.4.29
Siemens SIPLUS NET CP 443-1 Version: 0   < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: 0   < V3.3
Siemens SIPLUS S7-1200 CP 1243-1 Version: 0   < V3.4.29
Siemens SIPLUS S7-1200 CP 1243-1 RAIL Version: 0   < V3.4.29
Siemens SIPLUS TIM 1531 IRC Version: 0   < V2.3.6
Siemens TIM 1531 IRC Version: 0   < V2.3.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE US",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-8 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1543SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:34.861Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43768",
    "datePublished": "2023-04-11T09:02:51.623Z",
    "dateReserved": "2022-10-26T11:27:16.347Z",
    "dateUpdated": "2024-09-10T09:33:34.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19301
Vulnerability from cvelistv5
Published
2020-04-14 19:50
Modified
2024-08-05 02:16
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
Impacted products
Vendor Product Version
Siemens SCALANCE X201-3P IRT Version: All versions < V5.5.0
Siemens SCALANCE X201-3P IRT PRO Version: All versions < V5.5.0
Siemens SCALANCE X202-2IRT Version: All versions < V5.5.0
Siemens SCALANCE X202-2P IRT Version: All versions < V5.5.0
Siemens SCALANCE X202-2P IRT PRO Version: All versions < V5.5.0
Siemens SCALANCE X204-2 Version: All versions < V5.2.5
Siemens SCALANCE X204-2FM Version: All versions < V5.2.5
Siemens SCALANCE X204-2LD Version: All versions < V5.2.5
Siemens SCALANCE X204-2LD TS Version: All versions < V5.2.5
Siemens SCALANCE X204-2TS Version: All versions < V5.2.5
Siemens SCALANCE X204IRT Version: All versions < V5.5.0
Siemens SCALANCE X204IRT PRO Version: All versions < V5.5.0
Siemens SCALANCE X206-1 Version: All versions < V5.2.5
Siemens SCALANCE X206-1LD Version: All versions < V5.2.5
Siemens SCALANCE X208 Version: All versions < V5.2.5
Siemens SCALANCE X208PRO Version: All versions < V5.2.5
Siemens SCALANCE X212-2 Version: All versions < V5.2.5
Siemens SCALANCE X212-2LD Version: All versions < V5.2.5
Siemens SCALANCE X216 Version: All versions < V5.2.5
Siemens SCALANCE X224 Version: All versions < V5.2.5
Siemens SCALANCE X302-7 EEC (230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (230V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (24V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 230V) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X302-7 EEC (2x 24V) Version: All versions < V4.1.4
Siemens SCALANCE X304-2FE Version: All versions < V4.1.4
Siemens SCALANCE X306-1LD FE Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (230V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (24V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 230V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 230V) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 24V, coated) Version: All versions < V4.1.4
Siemens SCALANCE X307-2 EEC (2x 24V) Version: All versions < V4.1.4
Siemens SCALANCE X307-3 Version: All versions < V4.1.4
Siemens SCALANCE X307-3 Version: All versions < V4.1.4
Siemens SCALANCE X307-3LD Version: All versions < V4.1.4
Siemens SCALANCE X307-3LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2 Version: All versions < V4.1.4
Siemens SCALANCE X308-2 Version: All versions < V4.1.4
Siemens SCALANCE X308-2LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2LD Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH+ Version: All versions < V4.1.4
Siemens SCALANCE X308-2LH+ Version: All versions < V4.1.4
Siemens SCALANCE X308-2M Version: All versions < V4.1.4
Siemens SCALANCE X308-2M Version: All versions < V4.1.4
Siemens SCALANCE X308-2M PoE Version: All versions < V4.1.4
Siemens SCALANCE X308-2M PoE Version: All versions < V4.1.4
Siemens SCALANCE X308-2M TS Version: All versions < V4.1.4
Siemens SCALANCE X308-2M TS Version: All versions < V4.1.4
Siemens SCALANCE X310 Version: All versions < V4.1.4
Siemens SCALANCE X310 Version: All versions < V4.1.4
Siemens SCALANCE X310FE Version: All versions < V4.1.4
Siemens SCALANCE X310FE Version: All versions < V4.1.4
Siemens SCALANCE X320-1 FE Version: All versions < V4.1.4
Siemens SCALANCE X320-1-2LD FE Version: All versions < V4.1.4
Siemens SCALANCE X408-2 Version: All versions < V4.1.4
Siemens SCALANCE XF201-3P IRT Version: All versions < V5.5.0
Siemens SCALANCE XF202-2P IRT Version: All versions < V5.5.0
Siemens SCALANCE XF204 Version: All versions < V5.2.5
Siemens SCALANCE XF204-2 Version: All versions < V5.2.5
Siemens SCALANCE XF204-2BA IRT Version: All versions < V5.5.0
Siemens SCALANCE XF204IRT Version: All versions < V5.5.0
Siemens SCALANCE XF206-1 Version: All versions < V5.2.5
Siemens SCALANCE XF208 Version: All versions < V5.2.5
Siemens SCALANCE XR324-12M (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M TS (24V) Version: All versions < V4.1.4
Siemens SCALANCE XR324-12M TS (24V) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (230V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (230V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (24V, ports on front) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE (24V, ports on rear) Version: All versions < V4.1.4
Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) Version: All versions < V4.1.4
Siemens SIMATIC CP 343-1 Advanced Version: All versions
Siemens SIMATIC CP 442-1 RNA Version: All versions < V1.5.18
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: All versions < V3.3
Siemens SIMATIC CP 443-1 RNA Version: All versions < V1.5.18
Siemens SIMATIC RF180C Version: All versions
Siemens SIMATIC RF182C Version: All versions
Siemens SIPLUS NET CP 343-1 Advanced Version: All versions
Siemens SIPLUS NET CP 443-1 Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: All versions < V3.3
Siemens SIPLUS NET SCALANCE X308-2 Version: All versions < V4.1.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:46.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X302-7 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X304-2FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X306-1LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-2 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X320-1 FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X320-1-2LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X408-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 442-1 RNA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5.18"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 RNA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5.18"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF180C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF182C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:01:51.207Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-19301",
    "datePublished": "2020-04-14T19:50:54",
    "dateReserved": "2019-11-26T00:00:00",
    "dateUpdated": "2024-08-05T02:16:46.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6568
Vulnerability from cvelistv5
Published
2019-04-17 13:40
Modified
2024-08-04 20:23
Summary
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
Impacted products
Vendor Product Version
Siemens SIMATIC CP 1616 Version: All versions
Siemens SIMATIC CP 343-1 Advanced Version: All versions
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: All versions < V3.3
Siemens SIMATIC CP 443-1 OPC UA Version: All versions
Siemens SIMATIC ET 200pro IM154-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8FX PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) Version: All versions < V2.1.6
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) Version: All versions < V2.7
Siemens SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) Version: All versions < V15.1 Upd4
Siemens SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) Version: All versions < V15.1 Upd4
Siemens SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F Version: All versions < V15.1 Upd4
Siemens SIMATIC IPC DiagMonitor Version: All versions < V5.1.3
Siemens SIMATIC RF182C Version: All versions
Siemens SIMATIC RF185C Version: All versions < V1.1.0
Siemens SIMATIC RF186C Version: All versions < V1.1.0
Siemens SIMATIC RF188C Version: All versions < V1.1.0
Siemens SIMATIC RF600R family Version: All versions < V3.2.1
Siemens SIMATIC RFID 181EIP Version: All versions
Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions < V2.6.1
Siemens SIMATIC S7-1500 Software Controller Version: All versions < V2.7
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-PLCSIM Advanced Version: All versions < V2.0 SP1 UPD1
Siemens SIMATIC Teleservice Adapter IE Advanced Version: All versions
Siemens SIMATIC Teleservice Adapter IE Basic Version: All versions
Siemens SIMATIC Teleservice Adapter IE Standard Version: All versions
Siemens SIMATIC WinAC RTX 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinAC RTX F 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinCC Runtime Advanced Version: All versions < V15.1 Upd4
Siemens SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants) Version: All versions < V1.1.3
Siemens SIMOCODE pro V PROFINET (incl. SIPLUS variants) Version: All versions < V2.1.3
Siemens SINAMICS G130 V4.6 Control Unit Version: All versions
Siemens SINAMICS G130 V4.7 Control Unit Version: All versions
Siemens SINAMICS G130 V4.7 SP1 Control Unit Version: All versions
Siemens SINAMICS G130 V4.8 Control Unit Version: All versions < V4.8 HF6
Siemens SINAMICS G130 V5.1 Control Unit Version: All versions
Siemens SINAMICS G130 V5.1 SP1 Control Unit Version: All versions < V5.1 SP1 HF4
Siemens SINAMICS G150 V4.6 Control Unit Version: All versions
Siemens SINAMICS G150 V4.7 Control Unit Version: All versions
Siemens SINAMICS G150 V4.7 SP1 Control Unit Version: All versions
Siemens SINAMICS G150 V4.8 Control Unit Version: All versions < V4.8 HF6
Siemens SINAMICS G150 V5.1 Control Unit Version: All versions
Siemens SINAMICS G150 V5.1 SP1 Control Unit Version: All versions < V5.1 SP1 HF4
Siemens SINAMICS GH150 V4.7 (Control Unit) Version: All versions
Siemens SINAMICS GH150 V4.8 (Control Unit) Version: All versions < V4.8 SP2 HF9
Siemens SINAMICS GL150 V4.7 (Control Unit) Version: All versions
Siemens SINAMICS GL150 V4.8 (Control Unit) Version: All versions < V4.8 SP2 HF9
Siemens SINAMICS GM150 V4.7 (Control Unit) Version: All versions
Siemens SINAMICS GM150 V4.8 (Control Unit) Version: All versions < V4.8 SP2 HF9
Siemens SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants) Version: All versions
Siemens SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) Version: All versions
Siemens SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants) Version: All versions
Siemens SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants) Version: All versions < V4.8 HF6
Siemens SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants) Version: All versions
Siemens SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants) Version: All versions < V5.1 SP1 HF4
Siemens SINAMICS S150 V4.6 Control Unit Version: All versions
Siemens SINAMICS S150 V4.7 Control Unit Version: All versions
Siemens SINAMICS S150 V4.7 SP1 Control Unit Version: All versions
Siemens SINAMICS S150 V4.8 Control Unit Version: All versions < V4.8 HF6
Siemens SINAMICS S150 V5.1 Control Unit Version: All versions
Siemens SINAMICS S150 V5.1 SP1 Control Unit Version: All versions < V5.1 SP1 HF4
Siemens SINAMICS S210 Version: All versions < V5.1 SP1 HF8
Siemens SINAMICS SL150 V4.7 (Control Unit) Version: All versions < V4.7 HF33
Siemens SINAMICS SL150 V4.8 (Control Unit) Version: All versions
Siemens SINAMICS SM120 V4.7 (Control Unit) Version: All versions
Siemens SINAMICS SM120 V4.8 (Control Unit) Version: All versions < V4.8 SP2 HF10
Siemens SINAMICS SM150 V4.8 (Control Unit) Version: All versions
Siemens SIPLUS ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS NET CP 343-1 Advanced Version: All versions
Siemens SIPLUS NET CP 443-1 Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: All versions < V3.3
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SITOP Manager Version: All versions < V1.1
Siemens SITOP PSU8600 Version: All versions < V1.5
Siemens SITOP UPS1600 (incl. SIPLUS variants) Version: All versions < V2.3
Siemens TIM 1531 IRC (incl. SIPLUS NET variants) Version: All versions < V2.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1604",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1616",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 OPC UA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC DiagMonitor",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF182C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF185C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF600R family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RFID 181EIP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0 SP1 UPD1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Basic",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Standard",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S210",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF10"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP Manager",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP PSU8600",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP UPS1600 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:51:03.049Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-6568",
    "datePublished": "2019-04-17T13:40:24",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:22.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201511-0184
Vulnerability from variot

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "lean"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "advanced"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "dnp3"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "advanced ( firmware  3.0.44  )"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.0.44   (advanced)"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "advanced"
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "dnp3"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic tim 3v ie",
        "version": null
      },
      {
        "model": "simatic cp advanced devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1\u003c3.0.44"
      },
      {
        "model": "cp lean devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "cp devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "tim 3v-ie devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 3v-ie advanced devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 3v-ie dnp3 devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 4r-ie devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 4r-ie dnp3 devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "cp advanced devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 443 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic tim 4r ie",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 343 1",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_343-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_443-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_tim_3v-ie",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_tim_3v-ie_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_tim_4r-ie",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_tim_4r-ie_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lei ChengLin (Z-0ne) from Fengtai Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "78345"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8214",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-8214",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07864",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-86175",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-8214",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-8214",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07864",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-434",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86175",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8214",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-763427",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "78345",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034279",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-03",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-03A",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "6BF20E1E-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "id": "VAR-201511-0184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:12:37.447000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-763427",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC Communicator Module Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/67396"
      },
      {
        "title": "Multiple Siemens SIMATIC Product Privilege License and Access Control Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58866"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78345"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034279"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8214"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-03"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8214"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-15-335-03a"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-01T00:00:00",
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "date": "2015-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "date": "2015-11-27T00:00:00",
        "db": "BID",
        "id": "78345"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "date": "2015-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "date": "2015-11-27T15:59:00.133000",
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "date": "2015-12-08T22:20:00",
        "db": "BID",
        "id": "78345"
      },
      {
        "date": "2015-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      },
      {
        "date": "2024-11-21T02:38:06.013000",
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC Vulnerabilities that allow multiple devices to gain administrative access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ],
    "trust": 0.6
  }
}

var-202004-0713
Vulnerability from variot

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE X-200, SCALANCE X-200IRT and SCALANCE X-300 are all industrial switch products.

Many Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions)

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0713",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scalance x-200irt",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf182c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-200irt pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xc-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xb-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr-300wg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr-300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf180c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xp-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-200irt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.5.0"
      },
      {
        "model": "scalance xf-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-200irt pro",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xb-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xc-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xf-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xp-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr-300wg",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xc 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic cp 443 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic cp 443 1 advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic rf180c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic rf182c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xf 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xp 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xb 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance x 200irt",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance x 200irt pro",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xr 300wg",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance x 300",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "scalance xr 300",
        "version": "*"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x-300"
      },
      {
        "model": "simatic rf182c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x-200"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic rf180c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x-200irt_pro_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x-200irt_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xb-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xf-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xp-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr-300wg_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-19301",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-19301",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015237",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-23036",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-19301",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015237",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-19301",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-19301",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015237",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-23036",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-800",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE X-200, SCALANCE X-200IRT and SCALANCE X-300 are all industrial switch products. \n\r\n\r\nMany Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19301",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-105-07",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-102233",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU95499848",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1344",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "B9FA949F-A798-488A-AAF8-2C06BA051BFB",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "B2CB9F9F-6364-48F2-A154-9D2C9D2FBB59",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BAE9F8D6-AF70-4836-A69A-44064F8F23CE",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "id": "VAR-202004-0713",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      }
    ],
    "trust": 1.8724957509999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:16:29.789000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-102233",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf"
      },
      {
        "title": "Siemens SCALANCE X-200IRT Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193682"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.8
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-07"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19301"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19301"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95499848/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-vxworks-segmentsmack-32023"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-07"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1344/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-14T00:00:00",
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "date": "2020-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "date": "2020-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "date": "2020-04-14T20:15:14.967000",
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23036"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      },
      {
        "date": "2024-11-21T04:34:31.900000",
        "db": "NVD",
        "id": "CVE-2019-19301"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource exhaustion vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015237"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "b9fa949f-a798-488a-aaf8-2c06ba051bfb"
      },
      {
        "db": "IVD",
        "id": "b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59"
      },
      {
        "db": "IVD",
        "id": "bae9f8d6-af70-4836-a69a-44064f8f23ce"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-800"
      }
    ],
    "trust": 1.2
  }
}

var-202304-0702
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0702",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus s7-1200 cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus s7-1200 cp 1243-1 rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp lte eu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp lte us",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-8"
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "siplus s7-1200 cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "siplus s7-1200 cp rail",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp dnp3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp iec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "siplus net cp advanced \u003cv3.3l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "siplus tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      },
      {
        "model": "tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "cve": "CVE-2022-43716",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-35756",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-43716",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-022093",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-43716",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-43716",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-022093",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-35756",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202304-727",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-43716",
        "trust": 3.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-566905",
        "trust": 3.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-139628",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-103-10",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94715153",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2159",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "id": "VAR-202304-0702",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      }
    ],
    "trust": 1.3845387558333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      }
    ]
  },
  "last_update_date": "2024-09-10T21:39:02.572000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Denial of Service Vulnerability in Several Siemens Products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/424641"
      },
      {
        "title": "Siemens SIMATIC CP443-1 OPC UA9 Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233080"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.0
      },
      {
        "problemtype": "Use of freed memory (CWE-416) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94715153/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43716"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2159"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-43716/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "date": "2023-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "date": "2023-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "date": "2023-04-11T10:15:17.467000",
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35756"
      },
      {
        "date": "2023-11-15T06:20:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      },
      {
        "date": "2024-09-10T10:15:04.627000",
        "db": "NVD",
        "id": "CVE-2022-43716"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use of Freed Memory Vulnerability in Multiple Siemens Products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022093"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-727"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0449
Vulnerability from variot

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack.

The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program's failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions)

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0449",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scalance xb-200",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xc-200",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xp-200",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xf-200ba",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr-300wg",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "sinamics dcp",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "1.3"
      },
      {
        "model": "ruggedcom rm1224",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "simatic et200mp im155-5 pn hf",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.2.0"
      },
      {
        "model": "simatic et200mp im155-5 pn st",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic et200sp im155-6 pn hf",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "3.3.1"
      },
      {
        "model": "simatic et200sp im155-6 pn st",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et200pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et200m im153-4 pn io st",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xm-400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "scalance xb-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr528",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic et200al im 157-1 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance m-800",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "scalance x-200irt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.3"
      },
      {
        "model": "simatic cp 1616",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "simatic mv440",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "profinet driver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "scalance s615",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "ek-ertec 200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic et200m im153-4 pn io hf",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et200ecopn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "im 154-4 pn hf",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200p",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "simatic cp 1604",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "scalance xc-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr526",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et200s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc support",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic mv420",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf182c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic pn\\/pn coupler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf180c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xp-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xr552",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic cp 343-1 erpc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp 443-1 opc ua",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "im 154-3 pn hf",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance w700 ieee 802.11n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.1"
      },
      {
        "model": "simatic et200sp im155-6 pn basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xf-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200p p",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "profinet driver",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ruggedcom rm1224",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance m-800",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance s615",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance w700 ieee 802.11n",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xc-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc support",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp lean",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic rf182c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic pn/pn coupler 6es7158-3ad01-0xa0",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1616\u003c2.8"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1604\u003c2.8"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "development/evaluation kits for profinet io dk standard ethernet controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "development/evaluation kits for profinet io ek-ertec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "200\u003c4.5"
      },
      {
        "model": "development/evaluation kits for profinet io ek-ertec 200p",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "profinet driver for controller",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "scalance m-800/s615",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "scalance w700 ieee 802.11n",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "\u003c=6.0.1"
      },
      {
        "model": "scalance switch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x-200"
      },
      {
        "model": "scalance x-200irt switch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.3"
      },
      {
        "model": "scalance switch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x-300"
      },
      {
        "model": "scalance xm-400 switch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "scalance xr-500 switch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp erpc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp opc ua",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic et200al im pn",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "157-1"
      },
      {
        "model": "simatic et200m im153-4 pn io hf",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et200m im153-4 pn io st",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et200s",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et200sp im155-6 pn basic",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et200ecopn",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc support,package for vxworks",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et200pro,im pn hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "154-3"
      },
      {
        "model": "simatic et200pro,im pn hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "154-4"
      },
      {
        "model": "simatic mv400",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf180c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf600",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scalance xp 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scalance xb 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scalance xr 300wg",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "scalance xc 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "dk standard ethernet controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "profinet driver",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic ipc support",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200irt",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200irt pro",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 300",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr 300",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xf 200ba",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 400",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xm 400",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr524",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr526",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr528",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr552",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1616",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1604",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200p",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 erpc",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 lean",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 opc ua",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200al im 157 1 pn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200m im153 4 pn io hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200m im153 4 pn io st",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ruggedcom rm1224",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200mp im155 5 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200mp im155 5 pn st",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200s",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200sp im155 6 pn basic",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200sp im155 6 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200sp im155 6 pn st",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200ecopn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et200pro",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "im 154 3 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "im 154 4 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance m 800",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic mv440",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic mv420",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pn pn coupler",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf180c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf182c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf600",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance s615",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance w700 ieee 802 11n",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xf 200",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:profinet_driver",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ruggedcom_rm1224_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_w700_ieee_802.11n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:simatic_ipc_support",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yuval Ardon and Matan Dobrushin of OTORIO reported this vulnerability to CISA and Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-13946",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-13946",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014603",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-23039",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-13946",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014603",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13946",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-13946",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014603",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-23039",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-455",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13946",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface. \nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program\u0027s failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions \u003c V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions \u003c V4.6), PROFINET Driver for Controller (All Versions \u003c V2.1), RUGGEDCOM RM1224 (All versions \u003c V4.3), SCALANCE M-800 / S615 (All versions \u003c V4.3), SCALANCE W700 IEEE 802.11n (All versions \u003c= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions \u003c V3.0), SCALANCE XM-400 switch family (All Versions \u003c V6.0), SCALANCE XR-500 switch family (All Versions \u003c V6.0), SIMATIC CP 1616 and CP 1604 (All Versions \u003c V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions \u003c V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions \u003c V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions \u003c V3), SINAMICS DCP (All Versions \u003c V1.3), SOFTNET-IE PNIO (All versions)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13946",
        "trust": 3.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-780073",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-04",
        "trust": 1.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-05",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-08",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-07",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-03",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-09",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-02",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-06",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-01",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-10",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486.3",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "1044E3A5-DC26-4D11-BF22-4B3EB64F5CC9",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "id": "VAR-202002-0449",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      }
    ],
    "trust": 1.578657311794872
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:20:13.631000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-780073",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
      },
      {
        "title": "Patch for Multiple Siemens product resource management error vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/214023"
      },
      {
        "title": "Multiple Siemens Product resource management error vulnerability fixes",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=108751"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8b423421a5be04457be73209a34b15cb"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13946"
      },
      {
        "trust": 1.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13946"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-04"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-04"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "date": "2020-02-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "date": "2020-03-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "date": "2020-02-11T16:15:15.023000",
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23039"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13946"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      },
      {
        "date": "2024-11-21T04:25:45.080000",
        "db": "NVD",
        "id": "CVE-2019-13946"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource exhaustion vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014603"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-455"
      }
    ],
    "trust": 0.8
  }
}

var-201904-0174
Vulnerability from variot

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0174",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinamics s210",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900f",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700f",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "sinamics sm120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-plcsim advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1.3"
      },
      {
        "model": "simatic s7-1500s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.6.1"
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "sinamics gl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-400 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simocode pro v pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.3"
      },
      {
        "model": "sinamics gm150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.6.1"
      },
      {
        "model": "simatic cp443-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sitop manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp400f",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic et 200 sp open controller cpu 1515sp pc2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics g130",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "cp1604",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics s120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "sitop psu8600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic cp443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simocode pro v eip",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.3"
      },
      {
        "model": "simatic s7-plcsim advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "simatic s7-400 pn\\/dp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sitop ups1600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics sm150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "simatic rf182c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf600r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1"
      },
      {
        "model": "cp1616",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic teleservice adapter ie standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf185c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.0"
      },
      {
        "model": "simatic rf186c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.0"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-1500t",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.6.1"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic s7-300",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "sinamics gh150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic rf188c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.0"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp400f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic et 200 sp open controller cpu 1515sp pc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.6"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "simatic winac rtx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics sl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic cp443-1 opc ua",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics sm150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic rf181-eip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "simatic s7-1500f",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.6.1"
      },
      {
        "model": "simatic cp343-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s210",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1604",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1616",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200 sp open controller cpu 1515sp pc",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200 sp open controller cpu 1515sp pc2",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf185c",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sinamics s150",
        "version": "5.1"
      },
      {
        "model": "simatic winac rtx sp2 all",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "simatic s7-300 cpu family all",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g130 and g150",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf182c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp443-1 opc ua",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf188c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf600r",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp1604",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp1616",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et sp open controller cpu 1515sp pc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "200\u003cv2.1.6"
      },
      {
        "model": "simatic hmi comfort panels 4\" 22\"",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500 cpu family",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6"
      },
      {
        "model": "sinamics s150",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s210",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v5.1"
      },
      {
        "model": "sinamics s210 sp1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v5.1"
      },
      {
        "model": "tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531"
      },
      {
        "model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf181-eip",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf186c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-plcsim advanced",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie standard",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simocode pro eip",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v"
      },
      {
        "model": "simocode pro pn",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v"
      },
      {
        "model": "sitop manager",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop psu8600",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop ups1600",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siamtic rf185c",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp343-1 advanced",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp443-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp443-1 advanced",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et sp open controller cpu 1515sp pc2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "200"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinamics s210",
        "version": "5.1"
      },
      {
        "model": "tim irc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15310"
      },
      {
        "model": "sitop ups1600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sitop psu8600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sitop manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinamics s210 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s150 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics s150 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "sinamics s120 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics s120 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "sinamics g150 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g150 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "sinamics g130 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g130 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "simocode pro pn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v0"
      },
      {
        "model": "simocode pro eip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v0"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20100"
      },
      {
        "model": "simatic teleservice adapter ie standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-plcsim advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "simatic s7-400 pn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v60"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf600r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf188c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf186c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf185c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf182c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp900f mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp900 mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp700f mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp700 mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp400f mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic et200 open controller cpu 1515sp pc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic et200 open controller cpu 1515sp pc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp opc ua",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "rfid 181-eip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16160"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16040"
      },
      {
        "model": "sinamics s150 sp1 hf4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s150 hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics s120 sp1 hf4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s120 hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g150 sp1 hf4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g150 hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g130 sp1 hf4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics g130 hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v3.x.16"
      },
      {
        "model": "simatic et200 open controller cpu 1515sp pc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.1.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp1604",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels ktp400f",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels ktp700",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels ktp700f",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels ktp900",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels ktp900f",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp443 1 opc ua",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic ipc diagmonitor",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 plcsim advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc runtime advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitop manager",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf600r",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf188c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf186c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp1616",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf182c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf181 eip",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie basic",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie standard",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx 2010",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf185c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simocode pro v eip",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simocode pro v pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s210",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitop psu8600",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitop ups1600",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "tim 1531 irc",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp343 1 advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500f",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500s",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500t",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp443 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp443 1 advanced",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200 sp open controller cpu 1515sp pc",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200 sp open controller cpu 1515sp pc2",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort outdoor panels",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "BID",
        "id": "107842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp343-1_advanced_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf185c_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported this vulnerability to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6568",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-12904",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158003",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6568",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6568",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6568",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-6568",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6568",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-12904",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-458",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158003",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device. \r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "BID",
        "id": "107842"
      },
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6568",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-099-06",
        "trust": 2.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-480230",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-530931",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-227-04",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "107842",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3150",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1204.2",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "A397CC8B-EE17-4FAF-8447-E9EE5F57DD12",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "db": "BID",
        "id": "107842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "id": "VAR-201904-0174",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      }
    ],
    "trust": 1.5998432480392157
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:58.024000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-480230",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
      },
      {
        "title": "SSA-530931",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
      },
      {
        "title": "Patches for multiple Siemens product denial of service vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/160237"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91286"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-06"
      },
      {
        "trust": 2.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6568"
      },
      {
        "trust": 0.9,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3150/"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-06"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/107842"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78710"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "db": "BID",
        "id": "107842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "db": "BID",
        "id": "107842"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-05T00:00:00",
        "db": "IVD",
        "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
      },
      {
        "date": "2019-05-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107842"
      },
      {
        "date": "2019-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "date": "2019-04-17T14:29:03.683000",
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-12904"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158003"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107842"
      },
      {
        "date": "2019-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      },
      {
        "date": "2024-11-21T04:46:42.773000",
        "db": "NVD",
        "id": "CVE-2019-6568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability related to input validation in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003541"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-458"
      }
    ],
    "trust": 0.6
  }
}

var-202304-0701
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0701",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus s7-1200 cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus s7-1200 cp 1243-1 rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp lte eu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp lte us",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-8"
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "siplus s7-1200 cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "siplus s7-1200 cp rail",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp dnp3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp iec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "siplus net cp advanced \u003cv3.3l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "siplus tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      },
      {
        "model": "tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "cve": "CVE-2022-43768",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-35759",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-43768",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-022095",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-43768",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-022095",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-35759",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202304-726",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-43768",
        "trust": 3.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-566905",
        "trust": 3.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-139628",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-103-10",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94715153",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2159",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "id": "VAR-202304-0701",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      }
    ],
    "trust": 1.3845387558333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      }
    ]
  },
  "last_update_date": "2024-09-10T22:39:35.933000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35759)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/424651"
      },
      {
        "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233079"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "Allocation of resources without limits or throttling (CWE-770) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94715153/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43768"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-43768/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2159"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "date": "2023-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "date": "2023-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "date": "2023-04-11T10:15:17.617000",
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35759"
      },
      {
        "date": "2023-11-15T06:20:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      },
      {
        "date": "2024-09-10T10:15:05.020000",
        "db": "NVD",
        "id": "CVE-2022-43768"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022095"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-726"
      }
    ],
    "trust": 0.6
  }
}

var-201611-0019
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user's authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. A successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0019",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic s7 300 cpu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7 400 cpu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.0.53   (advanced)"
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "(advanced)"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp advanced all",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1\u003c3.0.53"
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-13.0.53"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 cpu",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_343-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_443-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_s7-300_cpu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_cpu_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_s7-400_cpu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_cpu_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "94460"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8673",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-8673",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-11665",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "be3986e8-e8db-40fd-b919-49726aae4f2e",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-97493",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-8673",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8673",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8673",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11665",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-531",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "be3986e8-e8db-40fd-b919-49726aae4f2e",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97493",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user\u0027s authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. \nA successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8673",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-603476",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-327-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "94460",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "BE3986E8-E8DB-40FD-B919-49726AAE4F2E",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "id": "VAR-201611-0019",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      }
    ],
    "trust": 1.6505322625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:26:55.231000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-603476",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
      },
      {
        "title": "SiemensSIMATICCP343-1Advanceddevices patch for cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/84156"
      },
      {
        "title": "Multiple Siemens Repair measures for product cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65866"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-02"
      },
      {
        "trust": 0.9,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8673"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8673"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-16-327-02"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "date": "2016-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "date": "2016-11-21T00:00:00",
        "db": "BID",
        "id": "94460"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "date": "2016-11-23T11:59:01.657000",
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      },
      {
        "date": "2019-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97493"
      },
      {
        "date": "2016-11-24T00:16:00",
        "db": "BID",
        "id": "94460"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005923"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      },
      {
        "date": "2024-11-21T02:59:48.720000",
        "db": "NVD",
        "id": "CVE-2016-8673"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC CP 343-1 Advanced devices Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "be3986e8-e8db-40fd-b919-49726aae4f2e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11665"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-531"
      }
    ],
    "trust": 0.6
  }
}

var-201611-0018
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission. plural Siemens SIMATIC Product integration Web The server https Session unspecified Cookie Against secure Because the flag is not set, Cookie There is a vulnerability that will be captured.By a remote attacker, http By intercepting transmissions within a session, Cookie May be captured. SiemensSIMATICS7-300/S7-400CPUfamilies are used to provide discrete and continuous control in industrial environments such as manufacturing, food and beverage, and the global chemical industry. An information disclosure vulnerability exists in the SIMATICS7-300/S7-400CPUfamily. Attackers exploit vulnerabilities to obtain sensitive information. Multiple Siemens Products are prone to a cross-site request-forgery vulnerability and an information-disclosure vulnerability. Other attacks are also possible. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). This vulnerability stems from configuration errors in network systems or products during operation. The following vulnerabilities have been reported to Siemens CERT and are now covered by by Siemens Security Advisory SSA-603476, published today (2016-11-21) and available at the following URL:

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf

-- CVE-016-8672 ---------------------------------------------------------

Summary: Lack of cookie protection for management web interface.

The HttpOnly flag prevents client side scripts from accessing a cookie, mitigating cross-site scripting (XSS) attacks.

The session cookie weaknesses, with particular reference to the lack of the Secure flag, highlight the need for a forced encrypted connection to the exposed web interface, in order to mitigate any hijacking of its credentials

Credit: Inverse Path auditors in collaboration with AIRBUS ICT Industrial Security team

-- CVE-016-8673 ---------------------------------------------------------

Summary: Cross-site request forgery for management web interface.

Affected products: SIMATIC CP 343-1 Advanced: All versions < V3.0.53 SIMATIC CP 443-1 Advanced: All versions SIMATIC S7-300 CPU family: All firmware versions SIMATIC S7-400 CPU family: All firmware versions

Description:

The Cross-site request forgery (CSRF) class of attacks leverages on the trust that a logged in user gives to HTML content of unrelated origins, by triggering unauthorized commands via HTML links or scripts injected by the attacker in the browser context.

The web management interface does not take advantage of any CSRF protection mechanism. This omission allows unauthorized POST requests to be issued by any JavaScript loaded in the user browser execution context, regardless of their origin.

Given the fact that the affected products support POST requests, to upload Access Control List (ACL) configuration or customer specific actions, the lack of CSRF protection exposes the risk of unauthenticated management actions.

Credit: Inverse Path auditors in collaboration with AIRBUS ICT Industrial Security team


-- Andrea Barisani Inverse Path Srl Chief Security Engineer -----> <--------

andrea@inversepath.com http://www.inversepath.com 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic s7 300 cpu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7 400 cpu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.0.53   (advanced)"
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "(advanced)"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300 cpu family all",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu family all",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-13.0.53"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 cpu",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_343-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_443-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_s7-300_cpu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_cpu_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_s7-400_cpu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_cpu_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "94460"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8672",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-8672",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2016-11664",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "72bae294-54fe-4905-a053-bff375973da9",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-97492",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-8672",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8672",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8672",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11664",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-530",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "72bae294-54fe-4905-a053-bff375973da9",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97492",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the \"secure\" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission. plural Siemens SIMATIC Product integration Web The server https Session unspecified Cookie Against secure Because the flag is not set, Cookie There is a vulnerability that will be captured.By a remote attacker, http By intercepting transmissions within a session, Cookie May be captured. SiemensSIMATICS7-300/S7-400CPUfamilies are used to provide discrete and continuous control in industrial environments such as manufacturing, food and beverage, and the global chemical industry. An information disclosure vulnerability exists in the SIMATICS7-300/S7-400CPUfamily. Attackers exploit vulnerabilities to obtain sensitive information. Multiple Siemens Products are prone to a cross-site request-forgery vulnerability and an information-disclosure vulnerability. Other attacks are also possible. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). This vulnerability stems from configuration errors in network systems or products during operation. \nThe following vulnerabilities have been reported to Siemens CERT and are now\ncovered by by Siemens Security Advisory SSA-603476, published today\n(2016-11-21) and available at the following URL:\n\nhttp://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf\n\n-- CVE-016-8672 ---------------------------------------------------------\n\nSummary: Lack of cookie protection for management web interface. \n\nThe HttpOnly flag prevents client side scripts from accessing a cookie,\nmitigating cross-site scripting (XSS) attacks. \n\nThe session cookie weaknesses, with particular reference to the lack of the\nSecure flag, highlight the need for a forced encrypted connection to the\nexposed web interface, in order to mitigate any hijacking of its credentials\n\nCredit: Inverse Path auditors in collaboration with AIRBUS ICT Industrial\n        Security team\n\n-- CVE-016-8673 ---------------------------------------------------------\n\nSummary: Cross-site request forgery for management web interface. \n\nAffected products: SIMATIC CP 343-1 Advanced: All versions \u003c V3.0.53\n                   SIMATIC CP 443-1 Advanced: All versions\n                   SIMATIC S7-300 CPU family: All firmware versions\n                   SIMATIC S7-400 CPU family: All firmware versions\n\nDescription:\n\nThe Cross-site request forgery (CSRF) class of attacks leverages on the trust\nthat a logged in user gives to HTML content of unrelated origins, by\ntriggering unauthorized commands via HTML links or scripts injected by the\nattacker in the browser context. \n\nThe web management interface does not take advantage of any CSRF protection\nmechanism. This omission allows unauthorized POST requests to be issued by\nany JavaScript loaded in the user browser execution context, regardless of\ntheir origin. \n\nGiven the fact that the affected products support POST requests, to upload\nAccess Control List (ACL) configuration or customer specific actions, the\nlack of CSRF protection exposes the risk of unauthenticated management\nactions. \n\nCredit: Inverse Path auditors in collaboration with AIRBUS ICT Industrial\n        Security team\n\n-------------------------------------------------------------------------\n\n-- \nAndrea Barisani                             Inverse Path Srl\nChief Security Engineer                     -----\u003e \u003c--------\n\n\u003candrea@inversepath.com\u003e          http://www.inversepath.com\n0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E\n       \"Pluralitas non est ponenda sine necessitate\"\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "PACKETSTORM",
        "id": "139857"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8672",
        "trust": 3.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-603476",
        "trust": 2.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-327-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "94460",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "72BAE294-54FE-4905-A053-BFF375973DA9",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "139857",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "PACKETSTORM",
        "id": "139857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "id": "VAR-201611-0018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      }
    ],
    "trust": 1.6505322625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:26:55.271000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-603476",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
      },
      {
        "title": "Patch for SIMATICS7-300/S7-400CPUfamily Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/84737"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65865"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-02"
      },
      {
        "trust": 1.0,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8672"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8672"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-16-327-02"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8672"
      },
      {
        "trust": 0.1,
        "url": "http://www.inversepath.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "PACKETSTORM",
        "id": "139857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "db": "BID",
        "id": "94460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "db": "PACKETSTORM",
        "id": "139857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "date": "2016-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "date": "2016-11-21T00:00:00",
        "db": "BID",
        "id": "94460"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "date": "2016-11-22T23:16:23",
        "db": "PACKETSTORM",
        "id": "139857"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "date": "2016-11-23T11:59:00.153000",
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      },
      {
        "date": "2019-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97492"
      },
      {
        "date": "2016-11-24T00:16:00",
        "db": "BID",
        "id": "94460"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005922"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      },
      {
        "date": "2024-11-21T02:59:48.557000",
        "db": "NVD",
        "id": "CVE-2016-8672"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SIMATIC S7-300/S7-400 CPU family Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "72bae294-54fe-4905-a053-bff375973da9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11664"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-530"
      }
    ],
    "trust": 0.6
  }
}

var-202109-1910
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations. Multiple Siemens products contain a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. The communication processor (CP) modules of the SIMATIC CP 343-1 and CP 443-1 series are designed to support SIMATIC S7-300/S7-400 CPUs for Ethernet communication. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO! , SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment.

The Siemens SIMATIC NET CP module has a denial of service vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1910",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cp 343-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1 erpc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 343-1 erpc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp erpc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp lean",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner from Siemens Energy reported this vulnerability to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-33737",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-33737",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-71443",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-33737",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-33737",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-33737",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2021-33737",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-33737",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-71443",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-828",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-33737",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations. Multiple Siemens products contain a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. The communication processor (CP) modules of the SIMATIC CP 343-1 and CP 443-1 series are designed to support SIMATIC S7-300/S7-400 CPUs for Ethernet communication. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO! , SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment. \n\r\n\r\nThe Siemens SIMATIC NET CP module has a denial of service vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-33737",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-549234",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-257-15",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU96712416",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091521",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "id": "VAR-202109-1910",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      }
    ],
    "trust": 1.5310661749999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:52:21.425000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-549234",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
      },
      {
        "title": "Patch for Denial of Service Vulnerability in Siemens SIMATIC NET CP Module",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/291026"
      },
      {
        "title": "Siemens SIMATIC CP 343-1 Advanced Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=174338"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=5549c9fcd4692cd5a6c435f90a2e5a2d"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "Buffer error (CWE-119) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33737"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96712416/"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-15"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/simatic-cp-343-1-443-1-denial-of-service-via-port-102-tcp-36399"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-15"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091521"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-549234.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "date": "2021-09-14T11:15:24.800000",
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71443"
      },
      {
        "date": "2021-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33737"
      },
      {
        "date": "2022-08-30T02:02:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      },
      {
        "date": "2023-04-11T10:15:09.427000",
        "db": "NVD",
        "id": "CVE-2021-33737"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-828"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012336"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201803-2159
Vulnerability from variot

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.

The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller.

A denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2159",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic s7-410",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic s7-400 pn\\/dp v7",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet pn-io linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 h v6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-400 pn\\/dp v6",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.7"
      },
      {
        "model": "simatic cp 343-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp v6",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp v7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400h v6",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-410",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "for pc-based windows systems firmware"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic s7-1500 software controller incl. f",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-1500 incl. f",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-300 incl. f and t",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6"
      },
      {
        "model": "simatic s7-400 pn/dp incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6\u003c6.0.7"
      },
      {
        "model": "simatic s7-400 pn/dp incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic winac rtx incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io for pc-based windows systems",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 343 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 443 1",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20100"
      },
      {
        "model": "simatic s7-410",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6"
      },
      {
        "model": "simatic s7-400 h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v60"
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic s7-410",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.7"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.7"
      },
      {
        "model": "simatic s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 410",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "softnet pn io linux",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 h v6",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp v6",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp v7",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_pn%2Fdp_v6_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400pn%2Fdp_v7_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400h_v6_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-410_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens ProductCERT",
    "sources": [
      {
        "db": "BID",
        "id": "103465"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-4843",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-4843",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2018-06025",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-134874",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-4843",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-4843",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4843",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2018-4843",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4843",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06025",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-723",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134874",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V1.7.0), SIMATIC S7-1500 Software Controller (All versions \u003c V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.1), SIMATIC WinAC RTX 2010 (All versions \u003c V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions \u003c V2010 SP3), SINUMERIK 828D (All versions \u003c V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. \r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller. \n\nA denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4843",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-592007",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-079-02",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "103465",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "E2E91DF0-39AB-11E9-BEF8-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98995",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "id": "VAR-201803-2159",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      }
    ],
    "trust": 1.6436873514285715
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:55:55.082000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-592007",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
      },
      {
        "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2018-06025)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/122865"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=79323"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4843"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4843"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-22T00:00:00",
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "BID",
        "id": "103465"
      },
      {
        "date": "2018-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "date": "2018-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "date": "2018-03-20T14:29:00.413000",
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "BID",
        "id": "103465"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "date": "2024-11-21T04:07:34.080000",
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Vulnerability related to input validation in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ],
    "trust": 1.1
  }
}

var-202304-0700
Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0700",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.6"
      },
      {
        "model": "siplus s7-1200 cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus s7-1200 cp 1243-1 rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus net cp 443-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-8 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte us",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1242-7 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus net cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic cp 1243-7 lte eu",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic ipc diagmonitor",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp lte eu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp lte us",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-7"
      },
      {
        "model": "simatic cp irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-8"
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1242-7v2"
      },
      {
        "model": "siplus s7-1200 cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "siplus s7-1200 cp rail",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "simatic cp dnp3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp iec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic ipc diagbase",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1542sp-1 irc tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus et 200sp cp 1543sp-1 isec tx rail",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siplus net cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1\u003cv3.3"
      },
      {
        "model": "siplus net cp advanced \u003cv3.3l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "siplus tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      },
      {
        "model": "tim irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1531\u003cv2.3.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "cve": "CVE-2022-43767",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-35758",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-43767",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-022094",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-43767",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-022094",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-35758",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202304-729",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-43767",
        "trust": 3.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-566905",
        "trust": 3.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-139628",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-103-10",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94715153",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2159",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "id": "VAR-202304-0700",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      }
    ],
    "trust": 1.3845387558333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      }
    ]
  },
  "last_update_date": "2024-09-10T22:24:04.730000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35758)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/424646"
      },
      {
        "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233082"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-833",
        "trust": 1.0
      },
      {
        "problemtype": "deadlock (CWE-833) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94715153/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43767"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-43767/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2159"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "date": "2023-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "date": "2023-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "date": "2023-04-11T10:15:17.540000",
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-35758"
      },
      {
        "date": "2023-11-15T06:20:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      },
      {
        "date": "2024-09-10T10:15:04.850000",
        "db": "NVD",
        "id": "CVE-2022-43767"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Deadlock vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022094"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-729"
      }
    ],
    "trust": 0.6
  }
}