cnvd - cnvd-2018-20534

cnvd-2018-20534

Vulnerability from cnvd

Title

SIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller和SIMATIC ET 200SP Open拒绝服务漏洞

Description

SIEMENS SIMATIC S7-1500 CPU family设计用于工业环境中的离散和连续控制，如制造，全球的食品和饮料以及化学工业。SIEMENS SIMATIC S7-1500 Software Controller是用于基于PC的自动化解决方案的SIMATIC软件控制器。SIEMENS SIMATIC ET 200SP Open是基于PC的SIMATIC S7-1500控制器的版本，包括可选的可视化以及紧凑设备中的中央I/O。 SIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller和SIMATIC ET 200SP Open存在拒绝服务漏洞。攻击者可以通过向PLC发送大量特制数据包，在网络堆栈上导致拒绝服务。

Severity

中

Patch Name

SIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller和SIMATIC ET 200SP Open拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf

Impacted products

Name
['SIEMENS SIMATIC ET 200SP Open >= V2.0，< V2.5', 'Siemens SIMATIC S7-1500 Software Controller >= V2.0，< V2.0', 'Siemens SIMATIC S7-1500 CPU family >= V2.0，< V2.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13805"
    }
  },
  "description": "SIEMENS SIMATIC S7-1500 CPU family\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u5982\u5236\u9020\uff0c\u5168\u7403\u7684\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5316\u5b66\u5de5\u4e1a\u3002SIEMENS SIMATIC S7-1500 Software Controller\u662f\u7528\u4e8e\u57fa\u4e8ePC\u7684\u81ea\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u7684SIMATIC\u8f6f\u4ef6\u63a7\u5236\u5668\u3002SIEMENS SIMATIC ET 200SP Open\u662f\u57fa\u4e8ePC\u7684SIMATIC S7-1500\u63a7\u5236\u5668\u7684\u7248\u672c\uff0c\u5305\u62ec\u53ef\u9009\u7684\u53ef\u89c6\u5316\u4ee5\u53ca\u7d27\u51d1\u8bbe\u5907\u4e2d\u7684\u4e2d\u592eI/O\u3002\r\n\r\nSIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller\u548cSIMATIC ET 200SP Open\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411PLC\u53d1\u9001\u5927\u91cf\u7279\u5236\u6570\u636e\u5305\uff0c\u5728\u7f51\u7edc\u5806\u6808\u4e0a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Marcin Dudek, Jacek Gajewski, Kinga Staszkiewicz, Jakub Suchorab, and Joanna Walkiewicz from National Centre for Nuclear Research Poland",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20534",
  "openTime": "2018-10-10",
  "patchDescription": "SIEMENS SIMATIC S7-1500 CPU family\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u5982\u5236\u9020\uff0c\u5168\u7403\u7684\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5316\u5b66\u5de5\u4e1a\u3002SIEMENS SIMATIC S7-1500 Software Controller\u662f\u7528\u4e8e\u57fa\u4e8ePC\u7684\u81ea\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u7684SIMATIC\u8f6f\u4ef6\u63a7\u5236\u5668\u3002SIEMENS SIMATIC ET 200SP Open\u662f\u57fa\u4e8ePC\u7684SIMATIC S7-1500\u63a7\u5236\u5668\u7684\u7248\u672c\uff0c\u5305\u62ec\u53ef\u9009\u7684\u53ef\u89c6\u5316\u4ee5\u53ca\u7d27\u51d1\u8bbe\u5907\u4e2d\u7684\u4e2d\u592eI/O\u3002\r\n\r\nSIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller\u548cSIMATIC ET 200SP Open\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411PLC\u53d1\u9001\u5927\u91cf\u7279\u5236\u6570\u636e\u5305\uff0c\u5728\u7f51\u7edc\u5806\u6808\u4e0a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller\u548cSIMATIC ET 200SP Open\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC ET 200SP Open \u003e= V2.0\uff0c\u003c V2.5",
      "Siemens SIMATIC S7-1500 Software Controller \u003e= V2.0\uff0c\u003c V2.0",
      "Siemens SIMATIC S7-1500 CPU family \u003e= V2.0\uff0c\u003c V2.5"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-10",
  "title": "SIEMENS SIMATIC S7-1500,SIMATIC S7-1500 Software Controller\u548cSIMATIC ET 200SP Open\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-13805 (GCVE-0-2018-13805)

Vulnerability from cvelistv5

Published

2018-10-10 17:00

Modified

2024-08-05 09:14

Severity ?

CWE

Other

Summary

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known.

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Siemens AG

SIMATIC ET 200SP Open Controller

Version: All versions >= V2.0 and < V2.1.6

	Siemens AG	SIMATIC S7-1500 Software Controller	Version: All versions >= V2.0 and < V2.5
	Siemens AG	SIMATIC S7-1500 incl. F	Version: All versions >= V2.0 and < V2.5

Show details on NVD website