All the vulnerabilites related to Siemens - SINUMERIK 828D
var-202409-0311
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. SINUMERIK CNC provides automation solutions for workshops, shops and large-scale batch production environments. SINUMERIK ONE is a digital native CNC system with an integrated SIMATIC S7-1500 CPU for automation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0311",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik one",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ]
  },
  "cve": "CVE-2024-43781",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2024-38023",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "productcert@siemens.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-43781",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2024-43781",
            "trust": 1.0,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38023",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions \u003c V4.95 SP3), SINUMERIK 840D sl V4 (All versions \u003c V4.95 SP3 in connection with using Create MyConfig (CMC) \u003c= V4.8 SP1 HF6), SINUMERIK ONE (All versions \u003c V6.23 in connection with using Create MyConfig (CMC) \u003c= V6.6), SINUMERIK ONE (All versions \u003c V6.15 SP4 in connection with using Create MyConfig (CMC) \u003c= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. SINUMERIK CNC provides automation solutions for workshops, shops and large-scale batch production environments. SINUMERIK ONE is a digital native CNC system with an integrated SIMATIC S7-1500 CPU for automation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-43781",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-097786",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "id": "VAR-202409-0311",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ],
    "trust": 1.2215278
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ]
  },
  "last_update_date": "2024-09-13T23:44:56.760000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens SINUMERIK system log information leakage vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/590271"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-097786.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "date": "2024-09-10T10:15:12.897000",
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      },
      {
        "date": "2024-09-10T12:09:50.377000",
        "db": "NVD",
        "id": "CVE-2024-43781"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SINUMERIK system log information leakage vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38023"
      }
    ],
    "trust": 0.6
  }
}

var-202409-0310
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. SINUMERIK CNC provides automation solutions for workshops, shop floors and large-scale batch production environments. SINUMERIK ONE is a digital native CNC system with an integrated SIMATIC S7-1500 CPU for automation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0310",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik one",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ]
  },
  "cve": "CVE-2024-41171",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2024-38021",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2024-41171",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2024-41171",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38021",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions \u003c V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions \u003c V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. SINUMERIK CNC provides automation solutions for workshops, shop floors and large-scale batch production environments. SINUMERIK ONE is a digital native CNC system with an integrated SIMATIC S7-1500 CPU for automation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SIEMENS",
        "id": "SSA-342438",
        "trust": 1.6
      },
      {
        "db": "NVD",
        "id": "CVE-2024-41171",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "id": "VAR-202409-0310",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ],
    "trust": 1.2215278
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ]
  },
  "last_update_date": "2024-09-13T23:32:47.479000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens SINUMERIK ONE, SINUMERIK-840D and SINUMERIK828D Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/590281"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-342438.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "date": "2024-09-10T10:15:12",
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      },
      {
        "date": "2024-09-10T12:09:50.377000",
        "db": "NVD",
        "id": "CVE-2024-41171"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SINUMERIK ONE, SINUMERIK-840D and SINUMERIK828D Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38021"
      }
    ],
    "trust": 0.6
  }
}

var-201910-1596
Vulnerability from variot

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs).

A denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic et 200m",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200s",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200ecopn",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic pn/pn coupler 6es7158-3ad01-0xa0",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sinumerik 828d",
        "version": "4.8"
      },
      {
        "model": "simatic s7-300 cpu 312 ifm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "simatic s7-400 dp v7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g110m",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-300 cpu 314",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic s7-300 cpu 313",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic s7-300 cpu 316-2 dp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics gl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gm150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "cp1604",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "sinamics g120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g130",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics s120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic pn\\/pn coupler 6es7158-3ad01-0xa0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic winac rtx \\",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5.0"
      },
      {
        "model": "simatic et 200m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-300 cpu 314 ifm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic s7-400 v6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance x-200irt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2.1"
      },
      {
        "model": "simatic s7-300 cpu 315-2 dp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics dcm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "cp1616",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "simatic et 200s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "ek-ertec 200p",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5.0"
      },
      {
        "model": "sinamics g110m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-300 cpu 315",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gh150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simotion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic winac rtx \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "simatic et 200ecopn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5.0"
      },
      {
        "model": "sinamics dcp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.3"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-400 pn v7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s110",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics dcm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-300 cpu 318-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "cp1604",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp1616",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "dk standard ethernet controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200p p",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x-200irt",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200pro",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcp",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp1604",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.8"
      },
      {
        "model": "cp1616",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.8"
      },
      {
        "model": "dk standard ethernet controller patch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.1.105"
      },
      {
        "model": "ek-ertec 200p patch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.5.001"
      },
      {
        "model": "ek-ertec 200p",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.5.0"
      },
      {
        "model": "scalance x-200irt",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v5.2.1"
      },
      {
        "model": "simatic s7-300 cpu family",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 and below",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "sinamics dcm hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v1.5"
      },
      {
        "model": "sinumerik 828d sp5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinamics g110m sp10 hf5",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics g120 sp10 hf5",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics g130 hf29",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics s110",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120 hf34",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "dk standard ethernet controller",
        "version": "4.1.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp1604",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pn pn coupler 6es7158 3ad01 0xa0",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 312 ifm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 313",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 314",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 314 ifm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 315",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 315 2 dp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 316 2 dp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 318 2",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp1616",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 v6",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn v7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 dp v7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx f 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simotion",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": "1.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g110m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g110m",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g120",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "dk standard ethernet controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics gh150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics gl150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics gm150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s110",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics sl150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics sm120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200",
        "version": "4.5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200p",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200irt",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200s",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200ecopn",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:cp1604_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:cp1616_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x-200irt_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_pn%2fpn_coupler_6es7158-3ad01-0xa0_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported this vulnerability to CISA. Artem Zinenko of Kaspersky reported to Siemens that SIPLUS is also affected.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10923",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-10923",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-41280",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-142518",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-10923",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-10923",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-10923",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-10923",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10923",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-41280",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-565",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142518",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). \n\nA denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions \u003c V2.8), CP1616 (All versions \u003c V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions \u003c V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions \u003c V4.5.0), SCALANCE X-200IRT (All versions \u003c V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions \u003c SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions \u003c V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions \u003c V4.7 HF29), SINAMICS G150 (Control Unit) (All versions \u003c V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions \u003c V4.7 HF34), SINAMICS S150 (Control Unit) (All versions \u003c V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions \u003c V4.8 SP5), SINUMERIK 840D sl (All versions). No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10923",
        "trust": 3.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-349422",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-283-01",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3812",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3812.2",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "B7DE1C6D-2642-4DF7-860F-BFE6735515F5",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "id": "VAR-201910-1596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      }
    ],
    "trust": 1.6269844772727273
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:18.618000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-349422",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
      },
      {
        "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-41280)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/184335"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10923"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10923"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3812/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3812.2/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-irt-30559"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-19T00:00:00",
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "date": "2019-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "date": "2019-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "date": "2019-10-10T14:15:14.503000",
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-41280"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142518"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      },
      {
        "date": "2024-11-21T04:20:09.600000",
        "db": "NVD",
        "id": "CVE-2019-10923"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability related to resource depletion in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010610"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-565"
      }
    ],
    "trust": 0.8
  }
}

var-201812-0458
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \302\240The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A stack-based buffer overflow vulnerability exists in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0458",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11463",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11463",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-25420",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "7d812390-463f-11e9-9a73-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-121325",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-11463",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11463",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11463",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25420",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-604",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d812390-463f-11e9-9a73-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121325",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \\302\\240The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A stack-based buffer overflow vulnerability exists in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11463",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D812390-463F-11E9-9A73-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "id": "VAR-201812-0458",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:56.103000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147351"
      },
      {
        "title": "Multiple Siemens Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87848"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11463"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11463"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "date": "2018-12-12T16:29:00.543000",
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25420"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121325"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      },
      {
        "date": "2024-11-21T03:43:25.177000",
        "db": "NVD",
        "id": "CVE-2018-11463"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Product buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013318"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "7d812390-463f-11e9-9a73-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-604"
      }
    ],
    "trust": 0.8
  }
}

var-201812-0454
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0454",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11459",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11459",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-25416",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "7d823501-463f-11e9-82ca-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-121320",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-11459",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11459",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11459",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25416",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-600",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d823501-463f-11e9-82ca-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121320",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11459",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D823501-463F-11E9-82CA-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "id": "VAR-201812-0454",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.942000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product protection mechanism failure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147311"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87844"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-693",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11459"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11459"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d823501-463f-11e9-82ca-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "date": "2018-12-12T16:29:00.357000",
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25416"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121320"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      },
      {
        "date": "2024-11-21T03:43:24.700000",
        "db": "NVD",
        "id": "CVE-2018-11459"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013323"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-600"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3220
Vulnerability from variot

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\" PROFINET prior to V01.01.01; Extension Unit 15\" PROFINET prior to V01.01.01; Extension Unit 19\" PROFINET prior to V01.01.01; Extension Unit 22\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic dk-16xx pn io",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf685r",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf650r",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf680r",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr500",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance s615",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance m-800",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xm400",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance w700",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "sinamics s110 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "simatic rf650r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "simatic cp 1626",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "scalance x414",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.10.2"
      },
      {
        "model": "scalance x200 irt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.4.0"
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1242-7 gprs",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "sinamics gl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gm150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1616",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g130",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1604",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "simatic s7-1200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "extension unit 22 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "01.01.01"
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "ie\\/pb-link",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cm 1542-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sirius motor starter m200d profinet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf680r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "sinamics s110 pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "extension unit 19 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "01.01.01"
      },
      {
        "model": "simatic cp 1243-1 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "sinamics dcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "simatic cp 343-1 adv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simotion",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic teleservice adapter ie standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 opc-ua",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic tdc cpu555",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.1"
      },
      {
        "model": "simatic et 200al",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.2"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g110m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gh150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "scalance xr500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "simatic et 200ecopn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "scalance m-800",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.03"
      },
      {
        "model": "simatic hmi multi panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "scalance s615",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.03"
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.17"
      },
      {
        "model": "sinamics sl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics dcp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "simotion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "sitop psu8600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2.0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic hmi mobile panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "scalance x200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2.2"
      },
      {
        "model": "simatic s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "simatic cp 343-1 std",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1.3"
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g110m",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "scalance xm400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "sinamics sm120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "scalance x408",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1.3"
      },
      {
        "model": "simatic dk-1604 pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sirius act 3su1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.0"
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic tdc cp51m1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.8"
      },
      {
        "model": "simatic dk-1616 pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "simatic et 200mp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0.1"
      },
      {
        "model": "sinamics dcm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.4"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-200 smart",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "scalance w700",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "simatic et 200m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "extension unit 12 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "01.01.01"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "extension unit 15 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "01.01.01"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "sinamics g120\\ w. pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "simatic cp 443-1 std",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.17"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic s7-400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.6"
      },
      {
        "model": "simatic et 200sp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simocode pro v profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.0"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "ups1600 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2.0"
      },
      {
        "model": "sinamics dcm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.4"
      },
      {
        "model": "simatic cp 1243-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "ie\\/as-i link pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic cp 1243-8",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "sinamics v90 pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.01"
      },
      {
        "model": "scalance x300",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic rf685r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g120\\ w. pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1243-7 lte\\/us",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "pn\\/pn coupler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ie/as-i link pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ie/pb-link",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pn/pn coupler",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x200 irt",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x408",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x414",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cm 1542-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1243-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1604",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1616",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 std",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 opc-ua",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 std",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200al",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200ecopn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200m",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200pro",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200s",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200sp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi mobile panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi multi panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-200 smart",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter standard modem",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simocode pro v profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simotion",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcm",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g110m",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g120 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g130",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g150",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s110 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s150",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics v90 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius act 3su1 interface module profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius motor starter m200d profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop psu8600",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop ups1600 profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "for pc-based windows systems firmware"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1616"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1604"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1543-1"
      },
      {
        "model": "simatic cm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1542-1"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1243-1"
      },
      {
        "model": "simatic cp opc-ua",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp adv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp std",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp std",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp lean",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp adv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x408"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x414"
      },
      {
        "model": "scalance irt",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x200"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x200"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x300"
      },
      {
        "model": "simatic rf650r",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 opc-ua",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cm 1542-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 std",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf680r",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinumerik 828d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinumerik 840d sl",
        "version": "*"
      },
      {
        "model": "ups1600 profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sitop psu8600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sirius act 3su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinamics sm150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.5"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.4"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simotion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20100"
      },
      {
        "model": "simatic teleservice adapter standard modem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-200 smart",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf685r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf680r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf650r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic et",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2000"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16260"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16160"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16040"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-12.0.28"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-10"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp irc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-80"
      },
      {
        "model": "simatic cp lte eu/us",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-70"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-10"
      },
      {
        "model": "simatic cp gprs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1242-7v20"
      },
      {
        "model": "scalance xr500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance xm400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4140"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4084.0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4083.0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x3000"
      },
      {
        "model": "scalance irt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x2000"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x2000"
      },
      {
        "model": "scalance w700 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "scalance w700 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.5.4"
      },
      {
        "model": "scalance s615",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance m-800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.02"
      },
      {
        "model": "scalance m-800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ie/as-i link pn io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "19?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12?0"
      },
      {
        "model": "e/pb-link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sm120 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics sl150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gm150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gl150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gh150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic rf685r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic rf680r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16162.7"
      },
      {
        "model": "simatic cp 1604d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "simatic cp irc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-82.1.82"
      },
      {
        "model": "simatic cp lte eu/us",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-72.1.82"
      },
      {
        "model": "simatic cp gprs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1242-7v22.1.82"
      },
      {
        "model": "simatic rf650r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-13.2.17"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15431.2.1"
      },
      {
        "model": "simatic cm1542",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "scalance w700",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "19?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12?1.1.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 std",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1542sp 1 irc",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1543sp 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1543 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf650r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf680r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf685r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1616",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1604",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic dk 16xx pn io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 lean",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x200 irt",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x408",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x414",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xm400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr500",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance w700",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance m 800",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance s615",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "softnet profinet io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 adv",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ie pb link",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ie as i link pn io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter standard modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie basic modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie advanced modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitop psu8600",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ups1600 profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200al",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200ecopn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200m",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 std",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200mp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200pro",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200s",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pn pn coupler",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "dk standard ethernet controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200p pn io",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200 pn io",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 200 smart",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 adv",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 controller",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius act 3su1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius soft starter 3rw44 pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius motor starter m200d profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simocode pro v profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 opc ua",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g110m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g120 c p d w pn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s110 w pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics v90 w pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simotion",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1243 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi multi panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi mobile panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cm 1542 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1542sp 1",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ie%2Fpb-link_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ie%2Fas-i_link_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pn%2Fpn_coupler_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_w700_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x408_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x414_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xm400_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cm_1542-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1243-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1543-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1543sp-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_lean_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_adv_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_std_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_dk-16xx_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200pro_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200sp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_mobile_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_multi_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf650r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf680r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf685r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-200_smart_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_standard_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simocode_pro_v_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simotion_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_dcm_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_dcp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g110m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g120%28c%2Fp%2Fd%29_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g130_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics__s110_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_s120_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_s150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_v90_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_act_3su1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_motor_starter_m200d_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_soft_starter_3rw44_pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sitop_psu8600_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ups1600_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "98369"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2680",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-2680",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-06151",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-110883",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2680",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-2680",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2680",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2017-2680",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2680",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06151",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-574",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110883",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\\\" PROFINET prior to V01.01.01; Extension Unit 15\\\" PROFINET prior to V01.01.01; Extension Unit 19\\\" PROFINET prior to V01.01.01; Extension Unit 22\\\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2680",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-023-02",
        "trust": 2.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-293562",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-284673",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "98369",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-546832",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1038463",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-129-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-128-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "296C9514-B30D-4FA5-BCDC-9D8B2E9620C4",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-99023",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "id": "VAR-201705-3220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      }
    ],
    "trust": 1.5467968472
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:56:02.371000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-293562",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
      },
      {
        "title": "Patch for a number of Siemens products with a denial of service vulnerability (CNVD-2017-06151)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/93364"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70052"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02"
      },
      {
        "trust": 2.0,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98369"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038463"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
      },
      {
        "trust": 0.9,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2680"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-128-01"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2680"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-09T00:00:00",
        "db": "IVD",
        "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "date": "2017-05-08T00:00:00",
        "db": "BID",
        "id": "98369"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "date": "2017-05-11T01:29:05.400000",
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06151"
      },
      {
        "date": "2020-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110883"
      },
      {
        "date": "2018-05-09T14:00:00",
        "db": "BID",
        "id": "98369"
      },
      {
        "date": "2018-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      },
      {
        "date": "2022-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      },
      {
        "date": "2024-11-21T03:23:57.563000",
        "db": "NVD",
        "id": "CVE-2017-2680"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Service disruption in products  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004134"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-574"
      }
    ],
    "trust": 0.6
  }
}

var-201910-1595
Vulnerability from variot

Affected devices improperly handle large amounts of specially crafted UDP packets.

This could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany's Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1595",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cfu pa",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "1.2.0"
      },
      {
        "model": "simatic profinet driver",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200al",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200m",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200s",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sinumerik 828d",
        "version": "4.8"
      },
      {
        "model": "simatic s7-400 dp v7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-300 cpu 314",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic hmi comfort panels 22\\\"",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics gl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics g120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic et 200sp im 155-6 pn hs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-1500 cpu 1512c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g130",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic s7-1500t cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic et 200sp im 155-6 pn\\/3 hf",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "sinamics dcm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "ek-ertec 200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic pn\\/pn coupler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "simatic s7-1200 cpu 1214c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic s7-400 v6",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.9"
      },
      {
        "model": "sinamics g110m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic s7-300 cpu 315",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic et 200ecopn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200sp im 155-6 pn st",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200sp im 155-6 pn\\/2 hf",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.2"
      },
      {
        "model": "sinamics s110",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics sl150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic s7-1200 cpu 1212c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "simatic et 200mp im 155-5 pn hf",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "simatic s7-300 cpu 313",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic s7-300 cpu 318-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic s7-300 cpu 312 ifm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic et 200pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1200 cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "sinamics g110m",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic et 200sp im 155-6 pn ba",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-410 v8",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.2.2"
      },
      {
        "model": "simatic et 200mp im 155-5 pn ba",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3.0"
      },
      {
        "model": "simatic s7-300 cpu 316-2 dp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics gm150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi comfort panels 4\\\"",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic s7-300 cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic winac rtx \\",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "ek-ertec 200p",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "simatic et 200m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-300 cpu 314 ifm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1500 cpu 1511c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "simatic s7-300 cpu 315-2 dp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200p",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.6"
      },
      {
        "model": "simatic hmi comfort outdoor panels 7\\\"",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1500 cpu 1518",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic winac rtx \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics dcp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.3"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic s7-400 pn v7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200sp im 155-6 pn ha",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1500s cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "simatic s7-400h v6",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.9"
      },
      {
        "model": "sinamics g120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic et 200al",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic et 200sp im 155-6 pn hf",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.2"
      },
      {
        "model": "simatic et 200mp im 155-5 pn st",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics dcm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "simatic hmi comfort outdoor panels 15\\\"",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1200 cpu 1211c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic s7-1500 cpu",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "ek-ertec 200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200p p",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cfu pa",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp im 155-5 pn ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp im 155-5 pn hf",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp im 155-5 pn st",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1200 cpu family",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "200"
      },
      {
        "model": "ek-ertec 200p",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp im pn ba",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-5\u003c4.2.3"
      },
      {
        "model": "simatic et 200mp im pn hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-5"
      },
      {
        "model": "simatic et 200mp im pn st",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-5"
      },
      {
        "model": "simatic et 200sp im pn ba",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6"
      },
      {
        "model": "simatic et 200sp im pn ha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6"
      },
      {
        "model": "simatic et 200sp im pn hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6\u003c4.2.2"
      },
      {
        "model": "simatic et 200sp im pn hs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6"
      },
      {
        "model": "simatic et 200sp im pn st",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6"
      },
      {
        "model": "simatic et 200sp im pn/2 hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6\u003c4.2.2"
      },
      {
        "model": "simatic et 200sp im pn/3 hf",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "155-6\u003c4.2.1"
      },
      {
        "model": "simatic et 200ecopn",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200pro",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort panels 4\" 22\"",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic pn/pn coupler",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500 cpu family",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300 cpu family",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic s7-400 and below",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6"
      },
      {
        "model": "simatic s7-400h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6\u003c6.0.9"
      },
      {
        "model": "simatic s7-410",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v8"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics dcm",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcp",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g110m sp10 hf5",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics g120 sp10 hf5",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7\u003cv4.7"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics g150",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics s110",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics s150",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 828d sp5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "dk standard ethernet controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200s",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn ba",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn ha",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn hs",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn st",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn 2 hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp im 155 6 pn 3 hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200ecopn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200pro",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort outdoor panels 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort outdoor panels 15",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort panels 4",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort panels 22",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi ktp mobile panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pn pn coupler",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic profinet driver",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200 cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200 cpu 1211c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200 cpu 1212c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200p",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200 cpu 1214c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500s cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500t cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 cpu 1518",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 cpu 1511c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 cpu 1512c",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 312 ifm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 313",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cfu pa",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 314",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 314 ifm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 315",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 315 2 dp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 316 2 dp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300 cpu 318 2",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn v7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 dp v7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 v6",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400h v6",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200al",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 410 v8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx f 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": "1.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcp",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g110m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics gl150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics gm150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s110",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics sl150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics sm120",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200mp im 155 5 pn ba",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200mp im 155 5 pn hf",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200mp im 155 5 pn st",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cfu_pa_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_ba_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_hf_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_st_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported this vulnerability to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10936",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-10936",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-36853",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "ea2714fa-253a-4380-82d5-35652a5540fb",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-142532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-10936",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-10936",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-10936",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-10936",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10936",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-36853",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-639",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ea2714fa-253a-4380-82d5-35652a5540fb",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142532",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Affected devices improperly handle large amounts of specially crafted UDP packets. \r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany\u0027s Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions \u003c V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions \u003c V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions \u003c V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions \u003c V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions \u003c V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions \u003c SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions \u003c V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions \u003c 4.8), SINAMICS G150 (Control Unit) (All versions \u003c 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions \u003c 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions \u003c V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions \u003c V4.8 SP5), SINUMERIK 840D sl (All versions). The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10936",
        "trust": 3.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-473245",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-283-02",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3813",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3813.3",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "EA2714FA-253A-4380-82D5-35652A5540FB",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "id": "VAR-201910-1595",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      }
    ],
    "trust": 1.6334674204444446
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:58:29.466000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-473245",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
      },
      {
        "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-36853)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/186551"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-02"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10936"
      },
      {
        "trust": 1.2,
        "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-udp-packets-30562"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10936"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3813/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3813.3/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-23T00:00:00",
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "date": "2019-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "date": "2019-10-10T14:15:14.707000",
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36853"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142532"
      },
      {
        "date": "2019-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      },
      {
        "date": "2024-11-21T04:20:11.257000",
        "db": "NVD",
        "id": "CVE-2019-10936"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Siemens products vulnerable to resource depletion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010605"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "ea2714fa-253a-4380-82d5-35652a5540fb"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-639"
      }
    ],
    "trust": 0.8
  }
}

var-202110-0563
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. SINUMERIK 808D and SINUMERIK 828D Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0563",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.95"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "reported this vulnerability to Siemens.,Industrial Control Security Laboratory of Qi An Xin Group Inc.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37199",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-37199",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-37199",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-37199",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37199",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37199",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-887",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37199",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions \u003c V4.95). Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. SINUMERIK 808D and SINUMERIK 828D Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37199",
        "trust": 3.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-178380",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-287-04",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95938083",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3439",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101316",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37199",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "id": "VAR-202110-0563",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.65625
  },
  "last_update_date": "2024-08-14T12:12:04.871000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-178380",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
      },
      {
        "title": "Siemens Sinumerik 808D Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166557"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=164d067f0b6630b0f3c173f7fdaf4dc8"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37199"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95938083/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-04"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101316"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-04"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3439"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-178380.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "date": "2022-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "date": "2021-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "date": "2021-10-12T10:15:12.600000",
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37199"
      },
      {
        "date": "2022-09-21T02:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      },
      {
        "date": "2021-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      },
      {
        "date": "2021-10-19T11:55:23.290000",
        "db": "NVD",
        "id": "CVE-2021-37199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SINUMERIK\u00a0808D\u00a0 and \u00a0SINUMERIK\u00a0828D\u00a0 Out-of-bounds write vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013658"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-887"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0459
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0459",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinumerik 840d sl",
        "version": "*"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11464",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-11464",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25421",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7d8171b0-463f-11e9-8d83-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-121326",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2018-11464",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11464",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11464",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25421",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-605",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "7d8171b0-463f-11e9-8d83-000c29342cb1",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121326",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11464",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D8171B0-463F-11E9-8D83-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "id": "VAR-201812-0459",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:56.022000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product denial of service vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147349"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87849"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-248",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11464"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11464"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d8171b0-463f-11e9-8d83-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "date": "2018-12-12T16:29:00.590000",
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25421"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121326"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      },
      {
        "date": "2024-11-21T03:43:25.303000",
        "db": "NVD",
        "id": "CVE-2018-11464"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SINUMERIK 828D and  SINUMERIK 840D sl Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013112"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-605"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0453
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. An integer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0453",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11458",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-11458",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25415",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-121319",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2018-11458",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11458",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11458",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25415",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-599",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121319",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. An integer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11458",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D81E6E0-463F-11E9-A90D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "id": "VAR-201812-0453",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.736000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product integer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147315"
      },
      {
        "title": "Multiple Siemens Product digital error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87843"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11458"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11458"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "date": "2018-12-12T16:29:00.310000",
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25415"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121319"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      },
      {
        "date": "2024-11-21T03:43:24.570000",
        "db": "NVD",
        "id": "CVE-2018-11458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SINUMERIK 828D and  SINUMERIK 840D Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013322"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-599"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0456
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A Permission Access Control Vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11461",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11461",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-25418",
            "impactScore": 8.5,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "7d81e6df-463f-11e9-b66b-000c29342cb1",
            "impactScore": 8.5,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-121323",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-11461",
            "impactScore": 4.7,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11461",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11461",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25418",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-602",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d81e6df-463f-11e9-b66b-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121323",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A Permission Access Control Vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11461",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D81E6DF-463F-11E9-B66B-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "id": "VAR-201812-0456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:56.062000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product access control vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147319"
      },
      {
        "title": "Multiple Siemens Product Privilege License and Access Control Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87846"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11461"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11461"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d81e6df-463f-11e9-b66b-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "date": "2018-12-12T16:29:00.450000",
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25418"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121323"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      },
      {
        "date": "2024-11-21T03:43:24.937000",
        "db": "NVD",
        "id": "CVE-2018-11461"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013316"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-602"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0461
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. And integrity. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0461",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11466",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-11466",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25423",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-121328",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11466",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11466",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11466",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25423",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-607",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121328",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. And integrity. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11466",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D847EF2-463F-11E9-B6C1-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "id": "VAR-201812-0461",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.777000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product remote code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147347"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87852"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-248",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11466"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11466"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "date": "2018-12-12T16:29:00.700000",
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25423"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121328"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      },
      {
        "date": "2024-11-21T03:43:25.563000",
        "db": "NVD",
        "id": "CVE-2018-11466"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Access control vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013320"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-607"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0460
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0460",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11465",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11465",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-25422",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "7d8171b1-463f-11e9-8168-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-121327",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-11465",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11465",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11465",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25422",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-606",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d8171b1-463f-11e9-8168-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121327",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11465",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D8171B1-463F-11E9-8168-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "id": "VAR-201812-0460",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.982000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product local access vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147329"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87850"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-248",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11465"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11465"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "date": "2018-12-12T16:29:00.653000",
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25422"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121327"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      },
      {
        "date": "2024-11-21T03:43:25.427000",
        "db": "NVD",
        "id": "CVE-2018-11465"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Product out-of-bounds vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013319"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "7d8171b1-463f-11e9-8168-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-606"
      }
    ],
    "trust": 0.8
  }
}

var-201812-0452
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A heap buffer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0452",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11457",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-11457",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25413",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d823502-463f-11e9-8a07-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-121318",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2018-11457",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11457",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11457",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25413",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-598",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d823502-463f-11e9-8a07-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121318",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A heap buffer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11457",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D823502-463F-11E9-8A07-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "id": "VAR-201812-0452",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.818000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens product heap buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147309"
      },
      {
        "title": "Multiple Siemens Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87842"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11457"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11457"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d823502-463f-11e9-8a07-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "date": "2018-12-12T16:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25413"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121318"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      },
      {
        "date": "2024-11-21T03:43:24.447000",
        "db": "NVD",
        "id": "CVE-2018-11457"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SINUMERIK 828D and  SINUMERIK 840D Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013321"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-598"
      }
    ],
    "trust": 0.6
  }
}

var-201803-2159
Vulnerability from variot

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.

The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller.

A denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2159",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic s7-410",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic s7-400 pn\\/dp v7",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet pn-io linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 h v6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-400 pn\\/dp v6",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.7"
      },
      {
        "model": "simatic cp 343-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp v6",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 pn/dp v7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400h v6",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-410",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "for pc-based windows systems firmware"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic s7-1500 software controller incl. f",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-1500 incl. f",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1.7.0"
      },
      {
        "model": "simatic s7-300 incl. f and t",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400 h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6"
      },
      {
        "model": "simatic s7-400 pn/dp incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v6\u003c6.0.7"
      },
      {
        "model": "simatic s7-400 pn/dp incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic winac rtx incl. f",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io for pc-based windows systems",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 343 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 443 1",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20100"
      },
      {
        "model": "simatic s7-410",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6"
      },
      {
        "model": "simatic s7-400 h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v60"
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic s7-410",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.7"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.7"
      },
      {
        "model": "simatic s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 410",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "softnet pn io linux",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 h v6",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp v6",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp v7",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_pn%2Fdp_v6_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400pn%2Fdp_v7_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400h_v6_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-410_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens ProductCERT",
    "sources": [
      {
        "db": "BID",
        "id": "103465"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-4843",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-4843",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2018-06025",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-134874",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-4843",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-4843",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4843",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2018-4843",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4843",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06025",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-723",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134874",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V1.7.0), SIMATIC S7-1500 Software Controller (All versions \u003c V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.1), SIMATIC WinAC RTX 2010 (All versions \u003c V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions \u003c V2010 SP3), SINUMERIK 828D (All versions \u003c V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. \r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller. \n\nA denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4843",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-592007",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-079-02",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "103465",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "E2E91DF0-39AB-11E9-BEF8-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98995",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "id": "VAR-201803-2159",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      }
    ],
    "trust": 1.6436873514285715
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:55:55.082000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-592007",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
      },
      {
        "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2018-06025)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/122865"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=79323"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4843"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4843"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-22T00:00:00",
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "BID",
        "id": "103465"
      },
      {
        "date": "2018-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "date": "2018-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "date": "2018-03-20T14:29:00.413000",
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06025"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134874"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "BID",
        "id": "103465"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      },
      {
        "date": "2024-11-21T04:07:34.080000",
        "db": "NVD",
        "id": "CVE-2018-4843"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Vulnerability related to input validation in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003479"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1"
      },
      {
        "db": "BID",
        "id": "103465"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-723"
      }
    ],
    "trust": 1.1
  }
}

var-201812-0457
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Permission access control vulnerabilities exist in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0457",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11462",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-11462",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25419",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-121324",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11462",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11462",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11462",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25419",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-603",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121324",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-11462",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Permission access control vulnerabilities exist in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11462",
        "trust": 3.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D81E6DE-463F-11E9-A7E2-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "id": "VAR-201812-0457",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.898000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patch for multiple Siemens Product Permission Access Control Vulnerabilities (CNVD-2018-25419)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147325"
      },
      {
        "title": "Multiple Siemens Product Privilege License and Access Control Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87847"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f0c2b52e2cee7c2c16aa1cae6ed75a3b"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 1.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11462"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11462"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "date": "2018-12-12T16:29:00.497000",
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25419"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121324"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-11462"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      },
      {
        "date": "2024-11-21T03:43:25.053000",
        "db": "NVD",
        "id": "CVE-2018-11462"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013317"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-603"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3221
Vulnerability from variot

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3221",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi mobile panels",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf650r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "sinamics s110 pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "scalance x414",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.10.2"
      },
      {
        "model": "simatic et 200sp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.0"
      },
      {
        "model": "scalance x200 irt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.4.0"
      },
      {
        "model": "simatic cp 1243-1 dnp3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1616",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cm 1542sp-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "sinamics g130",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1604",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics s110 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "simatic s7-1200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "ie\\/pb-link",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cm 1542-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sirius motor starter m200d profinet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic rf680r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp 1243-1 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "sinamics dcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "simotion",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic cp 343-1 adv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1 opc-ua",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.1"
      },
      {
        "model": "simatic teleservice adapter ie advanced modem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic tdc cpu555",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.1"
      },
      {
        "model": "simatic et 200al",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.2"
      },
      {
        "model": "simatic dk-16xx pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "sinamics g150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics g110m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic s7-300",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3.17"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "scalance xr500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "simatic et 200ecopn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "scalance m-800",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.03"
      },
      {
        "model": "simatic hmi multi panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "scalance s615",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.03"
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.17"
      },
      {
        "model": "sinamics dcp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "simatic teleservice adapter ie basic modem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simotion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "sitop psu8600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2.0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic hmi mobile panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "scalance x200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2.2"
      },
      {
        "model": "simatic s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "simatic cp 343-1 std",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1.3"
      },
      {
        "model": "simatic cp 1243-1 iec",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic et 200pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics g110m",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "scalance xm400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance x408",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1.3"
      },
      {
        "model": "sirius act 3su1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.0"
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "simatic tdc cp51m1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.8"
      },
      {
        "model": "softnet profinet io",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic et 200mp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0.1"
      },
      {
        "model": "sinamics dcm",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.4"
      },
      {
        "model": "simatic s7-200 smart",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3"
      },
      {
        "model": "simatic cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "scalance w700",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "simatic et 200m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "sinamics s150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.15"
      },
      {
        "model": "simatic cp 443-1 std",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.17"
      },
      {
        "model": "simatic s7-400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.6"
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simocode pro v profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.0"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "ups1600 profinet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2.0"
      },
      {
        "model": "sinamics dcm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.4"
      },
      {
        "model": "simatic cp 1243-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1.82"
      },
      {
        "model": "ie\\/as-i link pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "sinamics v90 pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.01"
      },
      {
        "model": "scalance x300",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2010"
      },
      {
        "model": "sinamics g130",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic rf685r",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4.0"
      },
      {
        "model": "sinamics s150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "simatic teleservice adapter standard modem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "pn\\/pn coupler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "sinamics g120\\ pn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "dk standard ethernet controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200 pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ek-ertec 200p pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ie/as-i link pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ie/pb-link",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pn/pn coupler",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance m-800",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance s615",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance w700",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x200 irt",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x408",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x414",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xm400",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cm 1542-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1243-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1 irc",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1543sp-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1604",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 1616",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 lean",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1 std",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 adv",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 opc-ua",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1 std",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic dk-16xx pn io",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200al",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200ecopn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200m",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200mp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200pro",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200s",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic et 200sp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi multi panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf650r",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf680r",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic rf685r",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500 software controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-200 smart",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-300",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter ie basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic teleservice adapter standard modem",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic winac rtx 2010",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simocode pro v profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simotion",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcm",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics dcp",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g110m",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g120 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g130",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g150",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s110 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s150",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics v90 w. pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius act 3su1 interface module profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius motor starter m200d profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop psu8600",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sitop ups1600 profinet",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "for pc-based windows systems firmware"
      },
      {
        "model": "simatic hmi multi panels",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics g150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi mobile panels",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s110 w. pn",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinumerik 828d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sinumerik 840d sl",
        "version": "*"
      },
      {
        "model": "ups1600 profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "softnet profinet io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sitop psu8600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sirius soft starter 3rw44 pn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sirius act 3su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinamics sm150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sm120",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.5"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.4"
      },
      {
        "model": "sinamics sl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gm150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gl150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics gh150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simotion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic winac rtx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20100"
      },
      {
        "model": "simatic teleservice adapter standard modem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-200 smart",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf685r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf680r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic rf650r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic et",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2000"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-10"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "343-10"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16260"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16160"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16040"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-12.0.28"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-10"
      },
      {
        "model": "simatic cp 1542sp-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic cp irc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-80"
      },
      {
        "model": "simatic cp lte eu/us",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-70"
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-10"
      },
      {
        "model": "simatic cp gprs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1242-7v20"
      },
      {
        "model": "scalance xr500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance xm400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4140"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4084.0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x4083.0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x3000"
      },
      {
        "model": "scalance irt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x2000"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x2000"
      },
      {
        "model": "scalance w700 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "scalance w700 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.5.4"
      },
      {
        "model": "scalance s615",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance m-800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.02"
      },
      {
        "model": "scalance m-800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ie/as-i link pn io",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "19?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15?0"
      },
      {
        "model": "extension unit profinet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12?0"
      },
      {
        "model": "e/pb-link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinamics sm120 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics sl150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gm150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gl150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinamics gh150 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "simatic rf685r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic rf680r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16162.7"
      },
      {
        "model": "simatic cp 1604d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.7"
      },
      {
        "model": "simatic cp irc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-82.1.82"
      },
      {
        "model": "simatic cp lte eu/us",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1243-72.1.82"
      },
      {
        "model": "simatic cp gprs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1242-7v22.1.82"
      },
      {
        "model": "simatic rf650r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "443-13.2.17"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15431.2.1"
      },
      {
        "model": "simatic cm1542",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.2"
      },
      {
        "model": "scalance w700",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "19?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15?1.1.1"
      },
      {
        "model": "extension unit profinet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12?1.1.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 std",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1542sp 1 irc",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1543sp 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1543 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf650r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf680r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic rf685r",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1616",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1604",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic dk 16xx pn io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 lean",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x200 irt",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x408",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x414",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xm400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr500",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance w700",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance m 800",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance s615",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "softnet profinet io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 343 1 adv",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ie pb link",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ie as i link pn io",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter standard modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie basic modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic teleservice adapter ie advanced modem",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitop psu8600",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ups1600 profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200al",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200ecopn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200m",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 std",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200mp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200pro",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200s",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic et 200sp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pn pn coupler",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "dk standard ethernet controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200p pn io",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ek ertec 200 pn io",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 200 smart",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 300",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 adv",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 1500 controller",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic winac rtx 2010",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius act 3su1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius soft starter 3rw44 pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sirius motor starter m200d profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simocode pro v profinet",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcm",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 443 1 opc ua",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics dcp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g110m",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g120 c p d w pn",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g130",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics g150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s110 w pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s120",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics s150",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinamics v90 w pn",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simotion",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1243 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi comfort panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi multi panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic hmi mobile panels",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cm 1542 1",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1542sp 1",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ie%2Fpb-link_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ie%2Fas-i_link_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pn%2Fpn_coupler_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_w700_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x408_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_x414_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xm400_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cm_1542-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1243-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1542sp-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1543-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1543sp-1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_lean_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_adv_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_std_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_dk-16xx_pn_io_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200pro_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_et_200sp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_mobile_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_hmi_multi_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf650r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf680r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_rf685r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-200_smart_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_teleservice_adapter_standard_modem_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_winac_rtx_2010_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simocode_pro_v_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simotion_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_dcm_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_dcp_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g110m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g120%28c%2Fp%2Fd%29_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g130_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_g150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics__s110_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_s120_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_s150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinamics_v90_w._pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_act_3su1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_motor_starter_m200d_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sirius_soft_starter_3rw44_pn_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sitop_psu8600_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:ups1600_profinet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:softnet_profinet_io_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "98369"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2681",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-2681",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-06153",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "33467505-7492-4ae1-b978-12f61201709a",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-110884",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2681",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-2681",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2681",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2017-2681",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2681",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06153",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-639",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "33467505-7492-4ae1-b978-12f61201709a",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110884",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions \u003c V3.2.17), SIMATIC CP 443-1 Adv (All versions \u003c V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IRC (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions \u003c V2.0), SIMATIC CM 1542SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions \u003c V1.0.15), SIMATIC CP 1543SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1543-1 (All versions \u003c V2.1), SIMATIC RF650R (All versions \u003c V3.0), SIMATIC RF680R (All versions \u003c V3.0), SIMATIC RF685R (All versions \u003c V3.0), SIMATIC CP 1616 (All versions \u003c V2.7), SIMATIC CP 1604 (All versions \u003c V2.7), SIMATIC DK-16xx PN IO (All versions \u003c V2.7), SCALANCE X-200 (All versions \u003c V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions \u003c V4.1.0), SCALANCE X414 (All versions \u003c V3.10.2), SCALANCE XM400 (All versions \u003c V6.1), SCALANCE XR500 (All versions \u003c V6.1), SCALANCE W700 (All versions \u003c V6.1), SCALANCE M-800, S615 (All versions \u003c V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions \u003c V14 SP1), IE/PB-Link (All versions \u003c V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions \u003c V1.2.0), SITOP UPS1600 PROFINET (All versions \u003c V2.2.0), SIMATIC ET 200AL (All versions \u003c V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions \u003c V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions \u003c V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions \u003c V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions \u003c V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions \u003c V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions \u003c V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions \u003c V2.3), SIMATIC S7-300 incl. F and T (All versions \u003c V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions \u003c V6.0.6), SIMATIC S7-400-H V6 (All versions \u003c V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions \u003c V7.0.2), SIMATIC S7-410 (All versions \u003c V8.2), SIMATIC S7-1200 incl. F (All versions \u003c V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions \u003c V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions \u003c V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions \u003c V2.0.0), SINAMICS DCM w. PN (All versions \u003c V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions \u003c V1.2 HF 1), SINAMICS G110M w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions \u003c V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions \u003c V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS S110 w. PN (All versions \u003c V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions \u003c V4.7 HF27), and others. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2681",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-293562",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "98369",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038463",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-129-02",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-023-02",
        "trust": 0.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-284673",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "33467505-7492-4AE1-B978-12F61201709A",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "id": "VAR-201705-3221",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      }
    ],
    "trust": 1.5075520524444446
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:56:02.322000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-293562",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC HMI Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/93365"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70109"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98369"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038463"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2681"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2681"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02"
      },
      {
        "trust": 0.3,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "db": "BID",
        "id": "98369"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-09T00:00:00",
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "date": "2017-05-08T00:00:00",
        "db": "BID",
        "id": "98369"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "date": "2017-05-11T10:29:00.180000",
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      },
      {
        "date": "2020-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110884"
      },
      {
        "date": "2018-05-09T14:00:00",
        "db": "BID",
        "id": "98369"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004135"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      },
      {
        "date": "2024-11-21T03:23:57.917000",
        "db": "NVD",
        "id": "CVE-2017-2681"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC HMI Denial of service vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "33467505-7492-4ae1-b978-12f61201709a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06153"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-639"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0455
Vulnerability from variot

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0455",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 840d sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 840d sp6 hf5",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 840d sp3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.8"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v4.7"
      },
      {
        "model": "sinumerik 808d v4.8",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 808d v4.7",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinumerik 828d v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl v4.8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl v4.7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 840d sl sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "sinumerik 840d sl sp6 hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "sinumerik 828d sp6 hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 808d v4 8",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 828d v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinumerik 840d sl v4 8",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_808d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_828d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:sinumerik_840d_sl_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "106185"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-11460",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-25417",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "7d823500-463f-11e9-b618-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-121322",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-11460",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-11460",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11460",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25417",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-601",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d823500-463f-11e9-b618-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121322",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the  context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11460",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "106185",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-170881",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-345-02",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D823500-463F-11E9-B618-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "id": "VAR-201812-0455",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      }
    ],
    "trust": 1.724179296
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:55.858000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-170881",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "title": "Patches for multiple Siemens Product Protection Mechanism Vulnerabilities (CNVD-2018-25417)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/147321"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87845"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-693",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11460"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11460"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "db": "BID",
        "id": "106185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "IVD",
        "id": "7d823500-463f-11e9-b618-000c29342cb1"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "date": "2018-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "date": "2018-12-12T16:29:00.403000",
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25417"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121322"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106185"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      },
      {
        "date": "2024-11-21T03:43:24.817000",
        "db": "NVD",
        "id": "CVE-2018-11460"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SINUMERIK Access control vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013315"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-601"
      }
    ],
    "trust": 0.6
  }
}

cve-2018-4843
Vulnerability from cvelistv5
Published
2018-03-20 14:00
Modified
2024-08-05 05:18
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.
Impacted products
Vendor Product Version
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIMATIC CP 343-1 (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Version: All versions < V3.3
Siemens SIMATIC CP 443-1 Advanced Version: All versions < V3.3
Siemens SIMATIC ET 200pro IM154-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200pro IM154-8FX PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions < V1.7.0
Siemens SIMATIC S7-1500 Software Controller Version: All versions < V1.7.0
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.2.16
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: All versions < V7.0.3
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.9
Siemens SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) Version: All versions < V6.0.7
Siemens SIMATIC S7-410 CPU family (incl. SIPLUS variants) Version: All versions < V8.1
Siemens SIMATIC WinAC RTX 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinAC RTX F 2010 Version: All versions < V2010 SP3
Siemens SINUMERIK 828D Version: All versions < V4.7 SP6 HF1
Siemens SIPLUS ET 200S IM151-8 PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS ET 200S IM151-8F PN/DP CPU Version: All versions < V3.2.16
Siemens SIPLUS NET CP 443-1 Version: All versions < V3.3
Siemens SIPLUS NET CP 443-1 Advanced Version: All versions < V3.3
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.16
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.16
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: All versions < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: All versions < V7.0.3
Siemens Softnet PROFINET IO for PC-based Windows systems Version: All versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.7.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.7.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP6 HF1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.0.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Softnet PROFINET IO for PC-based Windows systems",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V1.7.0), SIMATIC S7-1500 Software Controller (All versions \u003c V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.1), SIMATIC WinAC RTX 2010 (All versions \u003c V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions \u003c V2010 SP3), SINUMERIK 828D (All versions \u003c V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.\r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:50:59.460Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4843",
    "datePublished": "2018-03-20T14:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10936
Vulnerability from cvelistv5
Published
2019-10-10 00:00
Modified
2024-08-04 22:40
Summary
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.
Impacted products
Vendor Product Version
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 Version: 0   < *
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P Version: All versions < V4.6 Patch 01
Siemens SIMATIC CFU PA Version: 0   < V1.2.0
Siemens SIMATIC ET 200AL IM 157-1 PN Version: All versions
Siemens SIMATIC ET 200M (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC ET 200MP IM 155-5 PN BA Version: 0   < V4.3.0
Siemens SIMATIC ET 200MP IM 155-5 PN HF Version: 0   < V4.4.0
Siemens SIMATIC ET 200MP IM 155-5 PN ST Version: 0   < *
Siemens SIMATIC ET 200MP IM 155-5 PN ST Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-3 PN HF Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-4 PN HF Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200pro IM 154-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200pro IM 154-8FX PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200S IM 151-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200S IM 151-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200SP IM 155-6 PN BA Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) Version: All versions < V1.2.1
Siemens SIMATIC ET 200SP IM 155-6 PN HF Version: 0   < V4.2.2
Siemens SIMATIC ET 200SP IM 155-6 PN HS Version: 0   < V4.0.1
Siemens SIMATIC ET 200SP IM 155-6 PN ST Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN ST Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN ST BA Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN ST BA Version: 0   < *
Siemens SIMATIC ET 200SP IM 155-6 PN/2 HF Version: 0   < V4.2.2
Siemens SIMATIC ET 200SP IM 155-6 PN/3 HF Version: 0   < V4.2.1
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) Version: 0   < V2.0
Siemens SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 4AO U/I 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN: IO-Link Master Version: All versions
Siemens SIMATIC ET200S (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants) Version: 0   < *
Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants) Version: 0   < *
Siemens SIMATIC HMI KTP Mobile Panels Version: 0   < *
Siemens SIMATIC PN/PN Coupler Version: All versions < V4.2.1
Siemens SIMATIC PROFINET Driver Version: All versions < V2.1
Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants) Version: All versions < V4.4.0
Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions < V2.0
Siemens SIMATIC S7-1500 Software Controller Version: All versions < V2.0
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) Version: 0   < V6.0.9
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: 0   < *
Siemens SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) Version: All versions < V8.2.2
Siemens SIMATIC TDC CP51M1 Version: 0   < V1.1.8
Siemens SIMATIC TDC CPU555 Version: 0   < V1.1.1
Siemens SIMATIC WinAC RTX 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinAC RTX F 2010 Version: All versions < V2010 SP3
Siemens SINAMICS DCM Version: All versions < V1.5 HF1
Siemens SINAMICS DCP Version: All versions < V1.3
Siemens SINAMICS G110M V4.7 PN Control Unit Version: All versions < V4.7 SP10 HF5
Siemens SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) Version: All versions < V4.7 SP10 HF5
Siemens SINAMICS G130 V4.7 Control Unit Version: All versions < 4.8
Siemens SINAMICS G150 Control Unit Version: All versions < 4.8
Siemens SINAMICS GH150 V4.7 Control Unit Version: All versions
Siemens SINAMICS GL150 V4.7 Control Unit Version: All versions
Siemens SINAMICS GM150 V4.7 Control Unit Version: All versions
Siemens SINAMICS S110 Control Unit Version: 0   < *
Siemens SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) Version: 0   < *
Siemens SINAMICS S150 Control Unit Version: All versions < 4.8
Siemens SINAMICS SL150 V4.7 Control Unit Version: All versions < V4.7 HF33
Siemens SINAMICS SM120 V4.7 Control Unit Version: 0   < *
Siemens SINUMERIK 828D Version: All versions < V4.8 SP5
Siemens SINUMERIK 840D sl Version: All versions < V4.8 SP6
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.4.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.4.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL Version: 0   < V4.4.0
Siemens SIPLUS ET 200MP IM 155-5 PN ST Version: 0   < *
Siemens SIPLUS ET 200MP IM 155-5 PN ST Version: 0   < *
Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL Version: 0   < *
Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL Version: 0   < *
Siemens SIPLUS ET 200S IM 151-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIPLUS ET 200S IM 151-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN HF TX RAIL Version: 0   < V4.2.2
Siemens SIPLUS ET 200SP IM 155-6 PN ST Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL Version: 0   < *
Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL Version: 0   < *
Siemens SIPLUS NET PN/PN Coupler Version: All versions < V4.2.1
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.17
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: 0   < V7.0.3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dk_standard_ethernet_controller_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:ek-ertec_200_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ek-ertec_200_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:ek-ertec_200p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ek-ertec_200p_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_cfu_pa:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cfu_pa",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v1.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et200ecopn_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et200ecopn_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et200s_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et200s_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200al_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200m_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200mp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200pro_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200s_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_et_200sp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_hmi_comfort_outdoor_panels",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_profinet_driver:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_profinet_driver",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_314_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_315-2_dp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_315f-2_dp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_317-2_dp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_317-2_pn\\/dp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-300_cpu_319-3_pn\\/dp_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.2.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-400_cpu_412-2_pn",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v7.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-400_cpu_414-3_pn\\/dp",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v7.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-400_cpu_416-3_pn\\/dp",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "v7.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-400_h_v6_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "v6.0.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v6_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-400_pn\\/dp_v6_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_s7-410_cpu_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-410_cpu_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v8.2.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-1200_cpu",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-1500_cpu",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_s7-1500_controller:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_s7-1500_controller",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_tdc_cp51m1_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v1.1.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_tdc_cpu555_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v1.1.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_winac_rtx_2010",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2010_sp3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_winac_rtx_\\(f\\)_2010",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2010_sp3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_dcm",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v1.5_hf1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_dcp",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_g110m",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.7_sp10_hf5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_g120",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.7_sp10_hf5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_g130",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_g150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_gh150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_gl150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_gm150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_s110",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_s120",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_sl150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_sl150",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.7_hf33",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_sm120",
            "vendor": "siemens",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinumerik_828d",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.8_sp5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinumerik_840d_sl",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.8_sp6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "siplus_s7-300_cpu_314",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v3.3.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-10936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T14:36:59.481395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T15:59:12.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.6 Patch 01"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CFU PA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200AL IM 157-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200M (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-3 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-4 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN: IO-Link Master",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200S (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI KTP Mobile Panels",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PN/PN Coupler",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PROFINET Driver",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.4.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC TDC CP51M1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC TDC CPU555",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5 HF1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G110M V4.7 PN Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 4.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 4.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S110 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 4.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 840D sl",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET PN/PN Coupler",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T12:03:55.957Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-10936",
    "datePublished": "2019-10-10T00:00:00",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10923
Vulnerability from cvelistv5
Published
2019-10-10 13:49
Modified
2024-09-10 09:33
Summary
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
Impacted products
Vendor Product Version
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 Version: All versions < V4.5.0 Patch 01
Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P Version: All versions < V4.5.0
Siemens SCALANCE X-200IRT family (incl. SIPLUS NET variants) Version: All versions < V5.2.1
Siemens SIMATIC ET 200M (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIMATIC ET 200MP IM 155-5 PN ST Version: 0   < V4.1.0
Siemens SIMATIC ET 200pro IM 154-3 PN HF Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-4 PN HF Version: 0   < *
Siemens SIMATIC ET 200pro IM 154-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200pro IM 154-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200pro IM 154-8FX PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200S IM 151-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200S IM 151-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIMATIC ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIMATIC ET 200SP IM 155-6 PN ST Version: 0   < V4.1.0
Siemens SIMATIC ET 200SP IM 155-6 PN ST BA Version: 0   < V4.1.0
Siemens SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 4AO U/I 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 Version: All versions
Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 Version: All versions
Siemens SIMATIC ET200ecoPN: IO-Link Master Version: All versions
Siemens SIMATIC ET200S (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC NET CP 1604 Version: All versions < V2.8
Siemens SIMATIC NET CP 1616 Version: All versions < V2.8
Siemens SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) Version: All versions
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.2.17
Siemens SIMATIC S7-400 CPU 412-2 PN V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: 0   < *
Siemens SIMATIC WinAC RTX 2010 Version: All versions < V2010 SP3
Siemens SIMATIC WinAC RTX F 2010 Version: All versions < V2010 SP3
Siemens SIMOTION Version: All versions
Siemens SINAMICS DCM Version: All versions < V1.5 HF1
Siemens SINAMICS DCP Version: All versions < V1.3
Siemens SINAMICS G110M V4.7 Control Unit Version: All versions < V4.7 SP10 HF5
Siemens SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) Version: All versions < V4.7 SP10 HF5
Siemens SINAMICS G130 V4.7 Control Unit Version: All versions < V4.7 HF29
Siemens SINAMICS G150 Control Unit Version: All versions < V4.8
Siemens SINAMICS GH150 V4.7 Control Unit Version: All versions
Siemens SINAMICS GL150 V4.7 Control Unit Version: All versions
Siemens SINAMICS GM150 V4.7 Control Unit Version: All versions
Siemens SINAMICS S110 Control Unit Version: All versions
Siemens SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) Version: All versions < V4.7 HF34
Siemens SINAMICS S150 Control Unit Version: All versions < V4.8
Siemens SINAMICS SL150 V4.7 Control Unit Version: All versions < V4.7 HF33
Siemens SINAMICS SM120 V4.7 Control Unit Version: All versions
Siemens SINUMERIK 828D Version: All versions < V4.8 SP5
Siemens SINUMERIK 840D sl Version: All versions < V4.8 SP5
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL Version: 0   < V4.2.0
Siemens SIPLUS ET 200MP IM 155-5 PN ST Version: 0   < V4.1.0
Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS ET 200S IM 151-8 PN/DP CPU Version: All versions < V3.2.17
Siemens SIPLUS ET 200S IM 151-8F PN/DP CPU Version: All versions < V3.2.17
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN HF Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL Version: 0   < V4.2.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL Version: 0   < V4.1.0
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.3.17
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.2.17
Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 Version: 0   < V7.0.3
Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 Version: 0   < V7.0.3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.1 Patch 05"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5.0 Patch 01"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200M (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-3 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-4 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN: IO-Link Master",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200S (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET CP 1604",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET CP 1616",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5 HF1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G110M V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF29"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S110 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF34"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 840D sl",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:22.534Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-10923",
    "datePublished": "2019-10-10T13:49:24",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-09-10T09:33:22.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37199
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-04 01:16
Severity ?
Summary
A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.
Impacted products
Vendor Product Version
Siemens SINUMERIK 828D Version: All versions < V4.95
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:03.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SINUMERIK 808D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.95"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions \u003c V4.95). Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T09:49:37",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-37199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINUMERIK 808D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SINUMERIK 828D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.95"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions \u003c V4.95). Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-37199",
    "datePublished": "2021-10-12T09:49:37",
    "dateReserved": "2021-07-21T00:00:00",
    "dateUpdated": "2024-08-04T01:16:03.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}