cvelistv5 - CVE-2016-8562

CVE-2016-8562 (GCVE-0-2016-8562)

Vulnerability from cvelistv5

Published

2016-11-18 21:00

Modified

2025-10-21 23:55

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

References

URL

Tags

cve@mitre.org	http://www.securityfocus.com/bid/94436	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf	Broken Link, Patch, Vendor Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf	Vendor Advisory
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94436	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01	Third Party Advisory, US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-03-03

Due date: 2022-03-24

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-8562

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94436",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94436"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-8562",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T20:57:31.096194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:48.030Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00+00:00",
            "value": "CVE-2016-8562 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-12T09:06:47.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94436",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94436"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8562",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94436",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94436"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
            },
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8562",
    "datePublished": "2016-11-18T21:00:00.000Z",
    "dateReserved": "2016-10-07T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:48.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2016-8562",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-8562",
      "product": "SIMATIC CP",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.",
      "vendorProject": "Siemens",
      "vulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8562\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-11-18T21:59:02.033\",\"lastModified\":\"2025-10-22T00:15:56.610\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones \u0026lt; V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones \u0026lt; V2.0.28). En condiciones especiales era posible escribir variables SNMP en el puerto 161/udp que deber\u00edan ser de s\u00f3lo lectura y s\u00f3lo deber\u00edan configurarse con TIA-Portal. Una escritura en estas variables podr\u00eda reducir la disponibilidad o causar una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-03\",\"cisaActionDue\":\"2022-03-24\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.28\",\"matchCriteriaId\":\"F8CCE837-13AF-47FB-B4C8-7720F0876229\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FDE92FB-38C7-46E8-9208-BBD7872219D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.28\",\"matchCriteriaId\":\"DDDA7068-0640-4E8C-A917-DB41F6A9D66A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7AB0D5-FD3E-416A-975B-D212B3350433\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94436\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/94436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/94436\", \"name\": \"94436\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T02:27:41.149Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-8562\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T20:57:31.096194Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00+00:00\", \"value\": \"CVE-2016-8562 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T20:57:28.767Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-11-18T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/94436\", \"name\": \"94436\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-04-12T09:06:47.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/94436\", \"name\": \"94436\", \"refsource\": \"BID\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\", \"name\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\", \"name\": \"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-8562\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2016-8562\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:48.030Z\", \"dateReserved\": \"2016-10-07T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2016-11-18T21:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2016-AVI-384

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans SCADA Siemens SIMATIC CP 1543-1. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Siemens SIMATIC CP 1543-1 versions antérieures à V2.0.28

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens du 18 novembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSiemens SIMATIC CP 1543-1 versions ant\u00e9rieures \u00e0 V2.0.28\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8561"
    },
    {
      "name": "CVE-2016-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"
    }
  ],
  "initial_release_date": "2016-11-18T00:00:00",
  "last_revision_date": "2016-11-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-384",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA Siemens SIMATIC CP 1543-1\u003c/span\u003e. Elles permettent\n\u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA Siemens SIMATIC CP 1543-1",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 18 novembre 2016",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-672373.pdf"
    }
  ]
}

CERTFR-2020-AVI-077

Vulnerability from certfr_avis

Cet avis concerne une mise à jour en date du 10 février 2020 de 58 avis Siemens (cf. section documentation). Les avis Siemens listent désormais les variantes SIPLUS parmi les systèmes affectés.

De multiples vulnérabilités ont été découvertes dans les produits Siemens de variante SIPLUS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

[Important] Certains avis étant anciens et étant donné le nombre de vulnérabilités traitées par les bulletins, le CERT-FR recommande de déterminer la version applicable pour chaque configuration et d'appliquer les mesures de protection établies par l'éditeur dans la section "workarounds and migitations" des bulletins de sécurité (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	CP 343-1 Advanced variante SIPLUS versions antérieures à 3.0.44
Siemens	N/A	SITOP UPS1600 PROFINET variante SIPLUS versions antérieures à 2.2.0
Siemens	N/A	SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions antérieures à V17.0x.14 et V21.01.18
Siemens	N/A	CP 343-1 tous types et variante SIPLUS toutes versions antérieures à 3.1.1
Siemens	N/A	CP 1543-1 variante SIPLUS versions antérieures à 2.1
Siemens	N/A	SCALANCE X414 variante SIPLUS versions antérieures à 3.10.2
Siemens	N/A	TIM 1531 IRC variante SIPLUS versions antérieures à 2.0
Siemens	N/A	SIMATIC S7-1200 CPU variante SIPLUS versions antérieures à 4.1.3 4.3
Siemens	N/A	TIM 4R-IE variante SIPLUS versions antérieures à 2.6.0
Siemens	N/A	CP 1243-1 tous types et variante SIPLUS versions antérieures à 3.1
Siemens	N/A	SIMATIC S7-400 tous types en variante SIPLUS toutes versions
Siemens	N/A	SCALANCE X-200IRT variante SIPLUS versions antérieures à 5.4.0
Siemens	N/A	SCALANCE X-300 variante SIPLUS versions antérieures à 4.1.2
Siemens	N/A	SIMATIC S7-1500 CPU variante SIPLUS versions antérieures à 2.5 2.6
Siemens	N/A	LOGO!8 BM variante SIPLUS toutes versions
Siemens	N/A	SINAMICS G120(C/P/D) avec PN variante SIPLUS versions antérieures à 4.7 SP9 HF1
Siemens	N/A	SIMOCODE pro V PN variante SIPLUS versions antérieures à 2.1.1
Siemens	N/A	SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions antérieures à 8.2.1
Siemens	N/A	SINAMICS S120 variante SIPLUS versions antérieures à 4.7 HF29, 4.8 HF5 et 5.1 SP1
Siemens	N/A	SIMATIC ET200pro et ET200S variante SIPLUS toutes versions
Siemens	N/A	SCALANCE X-200 variante SIPLUS versions antérieures à 5.2.2
Siemens	N/A	IE/PB-Link variante SIPLUS versions antérieures à 3.0
Siemens	N/A	SIMATIC ET200M variante SIPLUS toutes versions
Siemens	N/A	SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions antérieures à 3.X.16
Siemens	N/A	SIMATIC ET200MP variante SIPLUS versions antérieures à 4.2
Siemens	N/A	SIMOCODE pro V EIP variante SIPLUS versions antérieures à 1.0.2
Siemens	N/A	SIMATIC ET200SP Open Controller variante SIPLUS versions antérieures à 2.6 et 4.2
Siemens	N/A	SIMATIC PN/PN Coupler variante SIPLUS versions antérieures à 4.2.0
Siemens	N/A	TIM 4R-IE DNP3 variante SIPLUS versions antérieures à 3.1.0
Siemens	N/A	CP 1542SP-1 et 1543SP-1 variante SIPLUS versions antérieures à 1.0.15
Siemens	N/A	IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions antérieures à 2.6.0
Siemens	N/A	SIMOTION variante SIPLUS versions antérieures à 5.1 HF1
Siemens	N/A	TIM 3V-IE DNP3 variante SIPLUS versions antérieures à 3.1.0
Siemens	N/A	CP 443-1 tous types et variante SIPLUS toutes versions antérieures à 3.2.9 3.2.17
Siemens	N/A	SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions antérieures à V14 SP1 Upd 6 et V15.1 Upd 1
Siemens	N/A	SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions antérieures à 3.X.16

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-818183 du 08 juin 2016	-	other
Bulletin de sécurité Siemens ssa-268644 du 09 septembre 2018	-	other
Avis CERTFR-2018-AVI-429	-	other
Bulletin de sécurité Siemens ssa-892715 du 22 février 2018	-	other
Bulletin de sécurité Siemens ssa-994726 du 05 mars 2015	-	other
Avis CERTFR-2015-AVI-090	-	other
Avis CERTFR-2018-AVI-235	-	other
Avis CERTFR-2014-AVI-137	-	other
Bulletin de sécurité Siemens ssa-447396 du 11 septembre 2018	-	other
Bulletin de sécurité Siemens ssa-804486 du 14 mai 2019	-	other
Bulletin de sécurité Siemens ssa-987029 du 05 mars 2015	-	other
Bulletin de sécurité Siemens ssa-240718 du 13 septembre 2012	-	other
Bulletin de sécurité Siemens ssa-168644 du 22 février 2018	-	other
Bulletin de sécurité Siemens ssa-180635 du 08 janvier 2019	-	other
Bulletin de sécurité Siemens ssa-293562 du 08 mai 2017	-	other
Bulletin de sécurité Siemens ssa-310688 du 14 août 2014	-	other
Bulletin de sécurité Siemens ssa-546832 du 03 mai 2018	-	other
Bulletin de sécurité Siemens ssa-100232 du 13 août 2019	-	other
Bulletin de sécurité Siemens ssa-914382 du 15 mai 2018	-	other
Bulletin de sécurité Siemens ssa-744850 du 11 juin 2019	-	other
Bulletin de sécurité Siemens ssa-134003 du 27 août 2015	-	other
Avis CERTFR-2016-AVI-384	-	other
Bulletin de sécurité Siemens ssa-321046 du 19 janvier 2015	-	other
Avis CERTFR-2018-AVI-543	-	other
Bulletin de sécurité Siemens ssa-306710 du 08 janvier 2019	-	other
Bulletin de sécurité Siemens ssa-944083 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-724606 du 20 décembre 2012	-	other
Bulletin de sécurité Siemens ssa-253230 du 08 février 2016	-	other
Bulletin de sécurité Siemens ssa-346262 du 23 novembre 2017	-	other
Bulletin de sécurité Siemens ssa-179516 du 07 août 2018	-	other
Avis CERTFR-2015-AVI-364	-	other
Avis CERTFR-2017-AVI-140	-	other
Bulletin de sécurité Siemens ssa-584286 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-874235 du 26 juin 2017	-	other
Bulletin de sécurité Siemens ssa-234763 du 17 juillet 2014	-	other
Bulletin de sécurité Siemens ssa-742938 du 04 décembre 2013	-	other
Avis CERTFR-2017-AVI-428	-	other
Bulletin de sécurité Siemens ssa-377318 du 12 février 2019	-	other
Bulletin de sécurité Siemens ssa-892012 du 24 avril 2014	-	other
Bulletin de sécurité Siemens ssa-087240 du 30 août 2017	-	other
Avis CERTFR-2019-AVI-004	-	other
Bulletin de sécurité Siemens ssa-850708 du 11 septembre 2013	-	other
Bulletin de sécurité Siemens ssa-110922 du 27 mars 2018	-	other
Bulletin de sécurité Siemens ssa-507847 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-113131 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-176087 du 01 octobre 2013	-	other
Bulletin de sécurité Siemens ssa-763427 du 27 novembre 2015	-	other
Bulletin de sécurité Siemens ssa-623229 du 08 avril 2016	-	other
Bulletin de sécurité Siemens ssa-592007 du 20 mars 2018	-	other
Avis CERTFR-2016-AVI-196	-	other
Bulletin de sécurité Siemens ssa-233109 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-954136 du 02 février 2015	-	other
Bulletin de sécurité Siemens ssa-672373 du 18 novembre 2016	-	other
Avis CERTFR-2014-AVI-126	-	other
Bulletin de sécurité Siemens ssa-487246 du 08 avril 2015	-	other
Bulletin de sécurité Siemens ssa-542701 du 14 mai 2019	-	other
Bulletin de sécurité Siemens ssa-347726 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-254686 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-279823 du 08 octobre 2012	-	other
Bulletin de sécurité Siemens ssa-982399 du 11 décembre 2018	-	other
Bulletin de sécurité Siemens ssa-456423 du 12 mars 2014	-	other
Avis CERTFR-2016-AVI-062	-	other
Bulletin de sécurité Siemens ssa-635659 du 15 avril 2014	-	other
Bulletin de sécurité Siemens ssa-130874 du 05 avril 2012	-	other
Bulletin de sécurité Siemens ssa-141614 du 09 avril 2019	-	other
Bulletin de sécurité Siemens ssa-597212 du 21 janvier 2015	-	other
Bulletin de sécurité Siemens ssa-654382 du 20 mars 2014	-	other
Bulletin de sécurité Siemens ssa-833048 du 14 mars 2016	-	other
Bulletin de sécurité Siemens ssa-625789 du 10 juin 2011	-	other
Bulletin de sécurité Siemens ssa-731239 du 09 décembre 2016	-	other
Bulletin de sécurité Siemens ssa-470231 du 22 février 2018	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CP 343-1 Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 3.0.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 2.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions ant\u00e9rieures \u00e0 V17.0x.14 et V21.01.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 343-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1543-1 variante SIPLUS versions ant\u00e9rieures \u00e0 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X414 variante SIPLUS versions ant\u00e9rieures \u00e0 3.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC variante SIPLUS versions ant\u00e9rieures \u00e0 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.3 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1243-1 tous types et variante SIPLUS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 tous types en variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT variante SIPLUS versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300 variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 2.5 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO!8 BM variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120(C/P/D) avec PN variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 SP9 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOCODE pro V PN variante SIPLUS versions ant\u00e9rieures \u00e0 2.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions ant\u00e9rieures \u00e0 8.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS S120 variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 HF29, 4.8 HF5 et 5.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200pro et ET200S variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200 variante SIPLUS versions ant\u00e9rieures \u00e0 5.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB-Link variante SIPLUS versions ant\u00e9rieures \u00e0 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200M variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP variante SIPLUS versions ant\u00e9rieures \u00e0 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOCODE pro V EIP variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP Open Controller variante SIPLUS versions ant\u00e9rieures \u00e0 2.6 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler variante SIPLUS versions ant\u00e9rieures \u00e0 4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1542SP-1 et 1543SP-1 variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION variante SIPLUS versions ant\u00e9rieures \u00e0 5.1 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 443-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.2.9 3.2.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions ant\u00e9rieures \u00e0 V14 SP1 Upd 6 et V15.1 Upd 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\n**\\[Important\\]** Certains avis \u00e9tant anciens et \u00e9tant donn\u00e9 le nombre\nde vuln\u00e9rabilit\u00e9s trait\u00e9es par les bulletins, le CERT-FR recommande de\nd\u00e9terminer la version applicable pour chaque configuration et\nd\u0027appliquer les mesures de protection \u00e9tablies par l\u0027\u00e9diteur dans la\nsection \"workarounds and migitations\" des bulletins de s\u00e9curit\u00e9 (cf.\nsection Documentation).\n\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2016-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8561"
    },
    {
      "name": "CVE-2014-2909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2909"
    },
    {
      "name": "CVE-2014-2248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2248"
    },
    {
      "name": "CVE-2014-2254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2254"
    },
    {
      "name": "CVE-2018-16558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16558"
    },
    {
      "name": "CVE-2014-2246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2246"
    },
    {
      "name": "CVE-2016-2200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2200"
    },
    {
      "name": "CVE-2014-2251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2251"
    },
    {
      "name": "CVE-2014-2255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2255"
    },
    {
      "name": "CVE-2013-0700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0700"
    },
    {
      "name": "CVE-2014-8479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8479"
    },
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2014-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2908"
    },
    {
      "name": "CVE-2014-2258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2258"
    },
    {
      "name": "CVE-2014-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2257"
    },
    {
      "name": "CVE-2018-16556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16556"
    },
    {
      "name": "CVE-2014-8478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8478"
    },
    {
      "name": "CVE-2017-12741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
    },
    {
      "name": "CVE-2015-8214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
    },
    {
      "name": "CVE-2018-13807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
    },
    {
      "name": "CVE-2014-2259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2259"
    },
    {
      "name": "CVE-2013-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2780"
    },
    {
      "name": "CVE-2018-16561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16561"
    },
    {
      "name": "CVE-2014-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2253"
    },
    {
      "name": "CVE-2018-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4850"
    },
    {
      "name": "CVE-2015-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1048"
    },
    {
      "name": "CVE-2018-16559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16559"
    },
    {
      "name": "CVE-2016-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2201"
    },
    {
      "name": "CVE-2014-2247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2247"
    },
    {
      "name": "CVE-2014-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2249"
    },
    {
      "name": "CVE-2014-2250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2250"
    },
    {
      "name": "CVE-2018-16557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16557"
    },
    {
      "name": "CVE-2016-2846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2846"
    },
    {
      "name": "CVE-2015-5698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5698"
    },
    {
      "name": "CVE-2014-2256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2256"
    },
    {
      "name": "CVE-2016-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"
    },
    {
      "name": "CVE-2016-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3949"
    },
    {
      "name": "CVE-2015-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2177"
    },
    {
      "name": "CVE-2014-2252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2252"
    }
  ],
  "initial_release_date": "2020-02-11T00:00:00",
  "last_revision_date": "2020-02-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-818183 du 08 juin 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-268644 du 09 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "title": "Avis CERTFR-2018-AVI-429",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-429/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892715 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-994726 du 05 mars 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
    },
    {
      "title": "Avis CERTFR-2015-AVI-090",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-090/"
    },
    {
      "title": "Avis CERTFR-2018-AVI-235",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-235/"
    },
    {
      "title": "Avis CERTFR-2014-AVI-137",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-137/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-447396 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987029 du 05 mars 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-240718 du 13 septembre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-168644 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-180635 du 08 janvier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 mai 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-310688 du 14 ao\u00fbt 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-546832 du 03 mai 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 13 ao\u00fbt 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914382 du 15 mai 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-744850 du 11 juin 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134003 du 27 ao\u00fbt 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-384",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-384/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-321046 du 19 janvier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf"
    },
    {
      "title": "Avis CERTFR-2018-AVI-543",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-543/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-306710 du 08 janvier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944083 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-724606 du 20 d\u00e9cembre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-253230 du 08 f\u00e9vrier 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 23 novembre 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-179516 du 07 ao\u00fbt 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
    },
    {
      "title": "Avis CERTFR-2015-AVI-364",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-364/"
    },
    {
      "title": "Avis CERTFR-2017-AVI-140",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-140/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-584286 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-874235 du 26 juin 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-234763 du 17 juillet 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-742938 du 04 d\u00e9cembre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf"
    },
    {
      "title": "Avis CERTFR-2017-AVI-428",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-428/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892012 du 24 avril 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-087240 du 30 ao\u00fbt 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"
    },
    {
      "title": "Avis CERTFR-2019-AVI-004",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-004/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-850708 du 11 septembre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-110922 du 27 mars 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-507847 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-113131 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-176087 du 01 octobre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 27 novembre 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-623229 du 08 avril 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 20 mars 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-196",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-196/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-233109 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-954136 du 02 f\u00e9vrier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-672373 du 18 novembre 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
    },
    {
      "title": "Avis CERTFR-2014-AVI-126",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-126/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-487246 du 08 avril 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-347726 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-254686 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-279823 du 08 octobre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-279823.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-982399 du 11 d\u00e9cembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-456423 du 12 mars 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-062",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-062/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-635659 du 15 avril 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-130874 du 05 avril 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-141614 du 09 avril 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-597212 du 21 janvier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654382 du 20 mars 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-833048 du 14 mars 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625789 du 10 juin 2011",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731239 du 09 d\u00e9cembre 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-470231 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
    }
  ],
  "reference": "CERTFR-2020-AVI-077",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-11T00:00:00.000000"
    },
    {
      "description": "int\u00e9gration des 58 avis",
      "revision_date": "2020-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "\u003cstrong\u003eCet avis concerne une mise \u00e0 jour en date du 10 f\u00e9vrier 2020 de 58\navis Siemens (cf. section documentation). Les avis Siemens listent\nd\u00e9sormais les variantes SIPLUS parmi les syst\u00e8mes affect\u00e9s.\u003c/strong\u003e\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens de variante SIPLUS. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens de variante SIPLUS",
  "vendor_advisories": []
}

fkie_cve-2016-8562

Vulnerability from fkie_nvd

Published

2016-11-18 21:59

Modified

2025-10-22 00:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/94436	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf	Broken Link, Patch, Vendor Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf	Vendor Advisory
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94436	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01	Third Party Advisory, US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562

Impacted products

Vendor	Product	Version
siemens	simatic_cp_1543-1_firmware	*
siemens	simatic_cp_1543-1	-
siemens	siplus_net_cp_1543-1_firmware	*
siemens	siplus_net_cp_1543-1	-

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CCE837-13AF-47FB-B4C8-7720F0876229",
              "versionEndExcluding": "2.0.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDA7068-0640-4E8C-A917-DB41F6A9D66A",
              "versionEndExcluding": "2.0.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones \u0026lt; V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones \u0026lt; V2.0.28). En condiciones especiales era posible escribir variables SNMP en el puerto 161/udp que deber\u00edan ser de s\u00f3lo lectura y s\u00f3lo deber\u00edan configurarse con TIA-Portal. Una escritura en estas variables podr\u00eda reducir la disponibilidad o causar una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2016-8562",
  "lastModified": "2025-10-22T00:15:56.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-11-18T21:59:02.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94436"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201611-0025

Vulnerability from variot

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. Siemens SIMATIC CP 1543-1 Is SNMPv3 Write access or SNMPv1 Service operation disruption when is enabled (DoS) There are vulnerabilities that are put into a state.By a remotely authenticated user SNMP Service operation disruption by changing variables (DoS) There is a possibility of being put into a state. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A denial of service vulnerability exists in the SIEMENSSIMATICCP1543-1 device. When SNMPv3 write access or SNMPv1 is turned on, an attacker exploits vulnerabilities to modify SNMP variables through the 161/udp port, thereby reducing availability or causing denial of service attacks. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. Attackers can leverage these issues to gain elevated privileges and cause denial-of-service conditions on the affected device. Siemens SIMATIC CP 1543-1 is a controller of Germany's Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic cp 1543-1",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "siemens",
        "version": "2.0.28"
      },
      {
        "model": "siplus net cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.28"
      },
      {
        "model": "simatic cp 1543-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1543-1\u003c2.0.28"
      },
      {
        "model": "simatic cp 1543-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-10"
      },
      {
        "model": "simatic cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1543-12.0.28"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic cp 1543 1",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "BID",
        "id": "94436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:siemens:simatic_cp_1543-1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:simatic_cp_1543-1_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "These vulnerabilities were coordinated directly with Siemens by SOGETI and Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information (ANSSI).",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-8562",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2016-8562",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2016-11368",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-97382",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2016-8562",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8562",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8562",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8562",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11368",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-446",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97382",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-8562",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. Siemens SIMATIC CP 1543-1 Is SNMPv3 Write access or SNMPv1 Service operation disruption when is enabled (DoS) There are vulnerabilities that are put into a state.By a remotely authenticated user SNMP Service operation disruption by changing variables (DoS) There is a possibility of being put into a state. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A denial of service vulnerability exists in the SIEMENSSIMATICCP1543-1 device. When SNMPv3 write access or SNMPv1 is turned on, an attacker exploits vulnerabilities to modify SNMP variables through the 161/udp port, thereby reducing availability or causing denial of service attacks. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. \nAttackers can leverage these issues to gain elevated privileges and cause denial-of-service conditions on the affected device. Siemens SIMATIC CP 1543-1 is a controller of Germany\u0027s Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "BID",
        "id": "94436"
      },
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8562",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-327-01",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "94436",
        "trust": 2.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-672373",
        "trust": 2.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "FE6B4AE9-2BA1-4C21-AF48-55D5ED245B66",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "db": "BID",
        "id": "94436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "id": "VAR-201611-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      }
    ],
    "trust": 1.8117647
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:54:26.023000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-672373",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
      },
      {
        "title": "SIEMENSSIMATICCP1543-1 device denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/84113"
      },
      {
        "title": "Siemens SIMATIC CP 1543-1 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65784"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-01"
      },
      {
        "trust": 2.7,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/94436"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8562"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8562"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-16-327-01"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-16-327-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "db": "BID",
        "id": "94436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "db": "BID",
        "id": "94436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-21T00:00:00",
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "date": "2016-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "date": "2016-11-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "date": "2016-11-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "date": "2016-11-18T00:00:00",
        "db": "BID",
        "id": "94436"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "date": "2016-11-18T21:59:02.033000",
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      },
      {
        "date": "2016-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97382"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8562"
      },
      {
        "date": "2016-11-24T00:16:00",
        "db": "BID",
        "id": "94436"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005921"
      },
      {
        "date": "2022-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      },
      {
        "date": "2024-11-21T02:59:34.477000",
        "db": "NVD",
        "id": "CVE-2016-8562"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SIEMENS SIMATIC CP 1543-1 Device Denial of Service Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11368"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-446"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2016-11368

Vulnerability from cnvd

Title

SIEMENS SIMATIC CP 1543-1设备拒绝服务漏洞

Description

SIEMENS SIMATIC CP 1543-1是一台集成了防火墙、VPN、安全协议、数据加密等安全功能的通信处理器，提供了s7-1500控制器的网络连接和安全通信。 SIEMENS SIMATIC CP 1543-1设备存在拒绝服务漏洞。当SNMPv3写访问权限或SNMPv1开启时，攻击者利用漏洞可通过161/udp端口修改SNMP变量，从而降低可用性或导致拒绝服务攻击。

Severity

中

Patch Name

SIEMENS SIMATIC CP 1543-1设备拒绝服务漏洞的补丁

Patch Description

Formal description

用户可升级至2.0.28版本，参考如下下载地址： https://support.industry.siemens.com/cs/ww/en/view/109743137

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf

Impacted products

Name
SIEMENS SIMATIC CP 1543-1 <2.0.28

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94436"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8562"
    }
  },
  "description": "SIEMENS SIMATIC CP 1543-1\u662f\u4e00\u53f0\u96c6\u6210\u4e86\u9632\u706b\u5899\u3001VPN\u3001\u5b89\u5168\u534f\u8bae\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u5b89\u5168\u529f\u80fd\u7684\u901a\u4fe1\u5904\u7406\u5668\uff0c\u63d0\u4f9b\u4e86s7-1500\u63a7\u5236\u5668\u7684\u7f51\u7edc\u8fde\u63a5\u548c\u5b89\u5168\u901a\u4fe1\u3002\r\n\r\nSIEMENS SIMATIC CP 1543-1\u8bbe\u5907\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53SNMPv3\u5199\u8bbf\u95ee\u6743\u9650\u6216SNMPv1\u5f00\u542f\u65f6\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u901a\u8fc7161/udp\u7aef\u53e3\u4fee\u6539SNMP\u53d8\u91cf\uff0c\u4ece\u800c\u964d\u4f4e\u53ef\u7528\u6027\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "SOGETI,ANSSI",
  "formalWay": "\u7528\u6237\u53ef\u5347\u7ea7\u81f32.0.28\u7248\u672c\uff0c\u53c2\u8003\u5982\u4e0b\u4e0b\u8f7d\u5730\u5740\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109743137",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11368",
  "openTime": "2016-11-21",
  "patchDescription": "SIEMENS SIMATIC CP 1543-1\u662f\u4e00\u53f0\u96c6\u6210\u4e86\u9632\u706b\u5899\u3001VPN\u3001\u5b89\u5168\u534f\u8bae\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u5b89\u5168\u529f\u80fd\u7684\u901a\u4fe1\u5904\u7406\u5668\uff0c\u63d0\u4f9b\u4e86s7-1500\u63a7\u5236\u5668\u7684\u7f51\u7edc\u8fde\u63a5\u548c\u5b89\u5168\u901a\u4fe1\u3002\r\n\r\nSIEMENS SIMATIC CP 1543-1\u8bbe\u5907\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53SNMPv3\u5199\u8bbf\u95ee\u6743\u9650\u6216SNMPv1\u5f00\u542f\u65f6\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u901a\u8fc7161/udp\u7aef\u53e3\u4fee\u6539SNMP\u53d8\u91cf\uff0c\u4ece\u800c\u964d\u4f4e\u53ef\u7528\u6027\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIEMENS SIMATIC CP 1543-1\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS SIMATIC CP 1543-1 \u003c2.0.28"
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-21",
  "title": "SIEMENS SIMATIC CP 1543-1\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

gsd-2016-8562

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-8562

Aliases

CVE-2016-8562

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8562",
    "description": "Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables.",
    "id": "GSD-2016-8562"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8562"
      ],
      "details": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.",
      "id": "GSD-2016-8562",
      "modified": "2023-12-13T01:21:22.819389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2016-8562",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "SIMATIC CP",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.",
      "vendorProject": "Siemens",
      "vulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-8562",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94436",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94436"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
          },
          {
            "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8562"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
            },
            {
              "name": "94436",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94436"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-12T10:15Z",
      "publishedDate": "2016-11-18T21:59Z"
    }
  }
}

ghsa-f87x-hp4c-9cvw

Vulnerability from github

Published

2022-05-13 01:02

Modified

2025-10-22 00:31

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-18T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.",
  "id": "GHSA-f87x-hp4c-9cvw",
  "modified": "2025-10-22T00:31:17Z",
  "published": "2022-05-13T01:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8562"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94436"
    },
    {
      "type": "WEB",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-8562 (GCVE-0-2016-8562)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2016-AVI-384

Vulnerability from certfr_avis

Solution

CERTFR-2020-AVI-077

Vulnerability from certfr_avis

Solution

fkie_cve-2016-8562

Vulnerability from fkie_nvd

var-201611-0025

Vulnerability from variot

cnvd-2016-11368

Vulnerability from cnvd

gsd-2016-8562

Vulnerability from gsd

ghsa-f87x-hp4c-9cvw

Vulnerability from github

Tags

Sightings

Nomenclature