Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-16556 (GCVE-0-2018-16556)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.
Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 412-1 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 412-2 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 414-2 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 414-3 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 416-2 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 416-3 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 416F-2 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": " SIMATIC S7-400 CPU 417-4 DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 412-2 PN V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 416-3 V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 417-4 V7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T11:51:00.586Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-16556",
"datePublished": "2018-12-13T16:00:00",
"dateReserved": "2018-09-06T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16556\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2018-12-13T16:29:00.477\",\"lastModified\":\"2024-11-21T03:52:58.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\\r\\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\\r\\ndevices to go into defect mode. Manual reboot is required to resume normal\\r\\noperation.\\r\\n\\r\\nSuccessful exploitation requires an attacker to be able to send specially\\r\\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\\r\\nPoint Interfaces (MPI). No user interaction and no user privileges are\\r\\nrequired to exploit the security vulnerability. The vulnerability could allow\\r\\ncausing a denial of service condition of the core functionality of the CPU,\\r\\ncompromising the availability of the system.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-400 DP V7 (incl. variantes SIPLUS) (Todas las versiones), la familia de CPUs SIMATIC S7-400 H V4.5 e inferiores (incl. variantes SIPLUS) (Todas las versiones), la familia de CPUs SIMATIC S7-400 H V6 (incl. variantes SIPLUS) (Todas las versiones). SIPLUS) (Todas las versiones anteriores a V6.0.9), familia de CPU SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS) (Todas las versiones), familia de CPU SIMATIC S7-410 (incl. variantes SIPLUS) (Todas las versiones anteriores a V8.2.1). Los paquetes especialmente dise\u00f1ados enviados al puerto 102/tcp a trav\u00e9s de la interfaz Ethernet, a trav\u00e9s de PROFIBUS o a trav\u00e9s de las interfaces multipunto (MPI) podr\u00edan hacer que los dispositivos afectados entraran en modo defectuoso. Se requiere un reinicio manual para reanudar el funcionamiento normal. La explotaci\u00f3n exitosa requiere que un atacante sea capaz de enviar paquetes especialmente dise\u00f1ados al puerto 102/tcp a trav\u00e9s de la interfaz Ethernet, a trav\u00e9s de PROFIBUS o de interfaces multipunto (MPI). No se requiere ninguna interacci\u00f3n ni privilegios de usuario para explotar la vulnerabilidad de seguridad. La vulnerabilidad podr\u00eda permitir causar una condici\u00f3n de denegaci\u00f3n de servicio de la funcionalidad del n\u00facleo de la CPU, comprometiendo la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"v6.0\",\"matchCriteriaId\":\"57985BFC-3021-417D-89BA-570DD5803D57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F97B67B-4516-4AD9-B33C-7F480EE0DB4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-400_pn\\\\/dp_v7_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC44664E-830D-4122-A97A-1AFA61F5BBB5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-400_pn\\\\/dp_v7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C48D93F2-FB6B-4D4D-84FB-3A7CDE89B727\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"v4.5\",\"matchCriteriaId\":\"1F0E0C78-913C-449B-957D-028BD73F760E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1CCAFD-1D34-4893-9B3E-76CAD323179A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.2.1\",\"matchCriteriaId\":\"12192D3A-3583-4360-8BF2-FDB6CA9C3FD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C67EEFE-85A1-4FFB-B049-AB0F9DB9EA99\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6668A57C-BC46-4008-B174-9E557946ACA2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-400h_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D082EB6-3C13-40C1-9949-179DC59037C1\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
var-201812-0391
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation.
Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input verification vulnerability exists in the Siemens SIMATIC S7-400 product. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic s7-410",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "8.2.1"
},
{
"model": "simatic s7-400h",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v4.5"
},
{
"model": "simatic s7-400h v6",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-400",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v6.0"
},
{
"model": "simatic s7-400 pn\\/dp v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-400 pn/dp v7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "6"
},
{
"model": "simatic s7-400h v6",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400h",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "s7-400h",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=4.5"
},
{
"model": "s7-400h",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6"
},
{
"model": "s7-410",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.2.1"
},
{
"model": "s7-400",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=6"
},
{
"model": "s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic s7-410",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic s7-410",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "8"
},
{
"model": "simatic s7-400h cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic s7-400 h",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v60"
},
{
"model": "simatic s7-400 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic s7-400 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-400 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic s7-400 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic s7-410",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "8.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn dp v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400h",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 410",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400h v6",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400pn%2Fdp_v7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400h_v6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-400h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-410_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CNCERT/CC",
"sources": [
{
"db": "BID",
"id": "107309"
}
],
"trust": 0.3
},
"cve": "CVE-2018-16556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16556",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-25433",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d80ae61-463f-11e9-a301-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-126927",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16556",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16556",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16556",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2018-16556",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16556",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-25433",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-489",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126927",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "VULHUB",
"id": "VHN-126927"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation. \r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input verification vulnerability exists in the Siemens SIMATIC S7-400 product. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. \nRemote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-126927"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16556",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-317-02",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-113131",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-25433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530",
"trust": 0.8
},
{
"db": "BID",
"id": "107309",
"trust": 0.3
},
{
"db": "IVD",
"id": "7D80AE61-463F-11E9-A301-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-126927",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "VULHUB",
"id": "VHN-126927"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"id": "VAR-201812-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "VULHUB",
"id": "VHN-126927"
}
],
"trust": 1.7068722928571431
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
}
]
},
"last_update_date": "2024-11-23T22:21:52.549000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-113131",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"title": "SiemensSIMATICS7-400 input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/147355"
},
{
"title": "Siemens SIMATIC S7-400 Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86891"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126927"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-02"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16556"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16556"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "VULHUB",
"id": "VHN-126927"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"db": "VULHUB",
"id": "VHN-126927"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-126927"
},
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "107309"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"date": "2018-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"date": "2018-12-13T16:29:00.477000",
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25433"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-126927"
},
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "107309"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014530"
},
{
"date": "2023-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-489"
},
{
"date": "2024-11-21T03:52:58.407000",
"db": "NVD",
"id": "CVE-2018-16556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC S7-400 Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "7d80ae61-463f-11e9-a301-000c29342cb1"
},
{
"db": "BID",
"id": "107309"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-489"
}
],
"trust": 1.1
}
}
CERTFR-2018-AVI-543
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC S7-410 versions antérieures à V8.2.1 | ||
| Siemens | N/A | SIMATIC S7-1500 versions antérieures à V2.6 | ||
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15 Update 4 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V15 Update 4 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional versions antérieures à V15 Update 4 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) versions antérieures à V15.1 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15 Update 4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) versions antérieures à V15 Update 4 | ||
| Siemens | N/A | SIMATIC IT Production Suite versions 7.1 antérieures à V7.1 Upd3 | ||
| Siemens | N/A | SCALANCE S602, S612, S623 et 627-2M versions antérieures à V4.0.1.1 | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15 Update 4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC S7-410 versions ant\u00e9rieures \u00e0 V8.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 versions ant\u00e9rieures \u00e0 V2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IT Production Suite versions 7.1 ant\u00e9rieures \u00e0 V7.1 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623 et 627-2M versions ant\u00e9rieures \u00e0 V4.0.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-13811",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13811"
},
{
"name": "CVE-2018-16556",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16556"
},
{
"name": "CVE-2018-13812",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13812"
},
{
"name": "CVE-2018-13815",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13815"
},
{
"name": "CVE-2018-13804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13804"
},
{
"name": "CVE-2018-13813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13813"
},
{
"name": "CVE-2018-16557",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16557"
},
{
"name": "CVE-2018-16555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16555"
},
{
"name": "CVE-2018-13814",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13814"
}
],
"initial_release_date": "2018-11-13T00:00:00",
"last_revision_date": "2018-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-543",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-584286 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-886615 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944083 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-242982 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-113131 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-621493 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-621493.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-233109 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
}
]
}
CERTFR-2020-AVI-077
Vulnerability from certfr_avis
Cet avis concerne une mise à jour en date du 10 février 2020 de 58 avis Siemens (cf. section documentation). Les avis Siemens listent désormais les variantes SIPLUS parmi les systèmes affectés.
De multiples vulnérabilités ont été découvertes dans les produits Siemens de variante SIPLUS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
[Important] Certains avis étant anciens et étant donné le nombre de vulnérabilités traitées par les bulletins, le CERT-FR recommande de déterminer la version applicable pour chaque configuration et d'appliquer les mesures de protection établies par l'éditeur dans la section "workarounds and migitations" des bulletins de sécurité (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | CP 343-1 Advanced variante SIPLUS versions antérieures à 3.0.44 | ||
| Siemens | N/A | SITOP UPS1600 PROFINET variante SIPLUS versions antérieures à 2.2.0 | ||
| Siemens | N/A | SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions antérieures à V17.0x.14 et V21.01.18 | ||
| Siemens | N/A | CP 343-1 tous types et variante SIPLUS toutes versions antérieures à 3.1.1 | ||
| Siemens | N/A | CP 1543-1 variante SIPLUS versions antérieures à 2.1 | ||
| Siemens | N/A | SCALANCE X414 variante SIPLUS versions antérieures à 3.10.2 | ||
| Siemens | N/A | TIM 1531 IRC variante SIPLUS versions antérieures à 2.0 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU variante SIPLUS versions antérieures à 4.1.3 4.3 | ||
| Siemens | N/A | TIM 4R-IE variante SIPLUS versions antérieures à 2.6.0 | ||
| Siemens | N/A | CP 1243-1 tous types et variante SIPLUS versions antérieures à 3.1 | ||
| Siemens | N/A | SIMATIC S7-400 tous types en variante SIPLUS toutes versions | ||
| Siemens | N/A | SCALANCE X-200IRT variante SIPLUS versions antérieures à 5.4.0 | ||
| Siemens | N/A | SCALANCE X-300 variante SIPLUS versions antérieures à 4.1.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU variante SIPLUS versions antérieures à 2.5 2.6 | ||
| Siemens | N/A | LOGO!8 BM variante SIPLUS toutes versions | ||
| Siemens | N/A | SINAMICS G120(C/P/D) avec PN variante SIPLUS versions antérieures à 4.7 SP9 HF1 | ||
| Siemens | N/A | SIMOCODE pro V PN variante SIPLUS versions antérieures à 2.1.1 | ||
| Siemens | N/A | SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions antérieures à 8.2.1 | ||
| Siemens | N/A | SINAMICS S120 variante SIPLUS versions antérieures à 4.7 HF29, 4.8 HF5 et 5.1 SP1 | ||
| Siemens | N/A | SIMATIC ET200pro et ET200S variante SIPLUS toutes versions | ||
| Siemens | N/A | SCALANCE X-200 variante SIPLUS versions antérieures à 5.2.2 | ||
| Siemens | N/A | IE/PB-Link variante SIPLUS versions antérieures à 3.0 | ||
| Siemens | N/A | SIMATIC ET200M variante SIPLUS toutes versions | ||
| Siemens | N/A | SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions antérieures à 3.X.16 | ||
| Siemens | N/A | SIMATIC ET200MP variante SIPLUS versions antérieures à 4.2 | ||
| Siemens | N/A | SIMOCODE pro V EIP variante SIPLUS versions antérieures à 1.0.2 | ||
| Siemens | N/A | SIMATIC ET200SP Open Controller variante SIPLUS versions antérieures à 2.6 et 4.2 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler variante SIPLUS versions antérieures à 4.2.0 | ||
| Siemens | N/A | TIM 4R-IE DNP3 variante SIPLUS versions antérieures à 3.1.0 | ||
| Siemens | N/A | CP 1542SP-1 et 1543SP-1 variante SIPLUS versions antérieures à 1.0.15 | ||
| Siemens | N/A | IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions antérieures à 2.6.0 | ||
| Siemens | N/A | SIMOTION variante SIPLUS versions antérieures à 5.1 HF1 | ||
| Siemens | N/A | TIM 3V-IE DNP3 variante SIPLUS versions antérieures à 3.1.0 | ||
| Siemens | N/A | CP 443-1 tous types et variante SIPLUS toutes versions antérieures à 3.2.9 3.2.17 | ||
| Siemens | N/A | SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions antérieures à V14 SP1 Upd 6 et V15.1 Upd 1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions antérieures à 3.X.16 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CP 343-1 Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 3.0.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 2.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions ant\u00e9rieures \u00e0 V17.0x.14 et V21.01.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 343-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1543-1 variante SIPLUS versions ant\u00e9rieures \u00e0 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X414 variante SIPLUS versions ant\u00e9rieures \u00e0 3.10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC variante SIPLUS versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.3 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1243-1 tous types et variante SIPLUS versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 tous types en variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT variante SIPLUS versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 2.5 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO!8 BM variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G120(C/P/D) avec PN variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 SP9 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V PN variante SIPLUS versions ant\u00e9rieures \u00e0 2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 HF29, 4.8 HF5 et 5.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro et ET200S variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 variante SIPLUS versions ant\u00e9rieures \u00e0 5.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB-Link variante SIPLUS versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200M variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP variante SIPLUS versions ant\u00e9rieures \u00e0 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V EIP variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP Open Controller variante SIPLUS versions ant\u00e9rieures \u00e0 2.6 et 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler variante SIPLUS versions ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1542SP-1 et 1543SP-1 variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION variante SIPLUS versions ant\u00e9rieures \u00e0 5.1 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 443-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.2.9 3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions ant\u00e9rieures \u00e0 V14 SP1 Upd 6 et V15.1 Upd 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\n**\\[Important\\]** Certains avis \u00e9tant anciens et \u00e9tant donn\u00e9 le nombre\nde vuln\u00e9rabilit\u00e9s trait\u00e9es par les bulletins, le CERT-FR recommande de\nd\u00e9terminer la version applicable pour chaque configuration et\nd\u0027appliquer les mesures de protection \u00e9tablies par l\u0027\u00e9diteur dans la\nsection \"workarounds and migitations\" des bulletins de s\u00e9curit\u00e9 (cf.\nsection Documentation).\n\n\u00a0\n",
"cves": [
{
"name": "CVE-2016-8561",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8561"
},
{
"name": "CVE-2014-2909",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2909"
},
{
"name": "CVE-2014-2248",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2248"
},
{
"name": "CVE-2014-2254",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2254"
},
{
"name": "CVE-2018-16558",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16558"
},
{
"name": "CVE-2014-2246",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2246"
},
{
"name": "CVE-2016-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2200"
},
{
"name": "CVE-2014-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2251"
},
{
"name": "CVE-2014-2255",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2255"
},
{
"name": "CVE-2013-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0700"
},
{
"name": "CVE-2014-8479",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8479"
},
{
"name": "CVE-2017-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
},
{
"name": "CVE-2014-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2908"
},
{
"name": "CVE-2014-2258",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2258"
},
{
"name": "CVE-2014-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2257"
},
{
"name": "CVE-2018-16556",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16556"
},
{
"name": "CVE-2014-8478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8478"
},
{
"name": "CVE-2017-12741",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
},
{
"name": "CVE-2015-8214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
},
{
"name": "CVE-2018-13807",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
},
{
"name": "CVE-2014-2259",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2259"
},
{
"name": "CVE-2013-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2780"
},
{
"name": "CVE-2018-16561",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16561"
},
{
"name": "CVE-2014-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2253"
},
{
"name": "CVE-2018-4850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4850"
},
{
"name": "CVE-2015-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1048"
},
{
"name": "CVE-2018-16559",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16559"
},
{
"name": "CVE-2016-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2201"
},
{
"name": "CVE-2014-2247",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2247"
},
{
"name": "CVE-2014-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2249"
},
{
"name": "CVE-2014-2250",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2250"
},
{
"name": "CVE-2018-16557",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16557"
},
{
"name": "CVE-2016-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2846"
},
{
"name": "CVE-2015-5698",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5698"
},
{
"name": "CVE-2014-2256",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2256"
},
{
"name": "CVE-2016-8562",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"
},
{
"name": "CVE-2016-3949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3949"
},
{
"name": "CVE-2015-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2177"
},
{
"name": "CVE-2014-2252",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2252"
}
],
"initial_release_date": "2020-02-11T00:00:00",
"last_revision_date": "2020-02-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-818183 du 08 juin 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-268644 du 09 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"title": "Avis CERTFR-2018-AVI-429",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-429/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892715 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-994726 du 05 mars 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
},
{
"title": "Avis CERTFR-2015-AVI-090",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-090/"
},
{
"title": "Avis CERTFR-2018-AVI-235",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-235/"
},
{
"title": "Avis CERTFR-2014-AVI-137",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-137/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-447396 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987029 du 05 mars 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-240718 du 13 septembre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-168644 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-180635 du 08 janvier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 mai 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-310688 du 14 ao\u00fbt 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-546832 du 03 mai 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914382 du 15 mai 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-744850 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134003 du 27 ao\u00fbt 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-384",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-384/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-321046 du 19 janvier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf"
},
{
"title": "Avis CERTFR-2018-AVI-543",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-543/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-306710 du 08 janvier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944083 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-724606 du 20 d\u00e9cembre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-253230 du 08 f\u00e9vrier 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 23 novembre 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-179516 du 07 ao\u00fbt 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
},
{
"title": "Avis CERTFR-2015-AVI-364",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-364/"
},
{
"title": "Avis CERTFR-2017-AVI-140",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-140/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-584286 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-874235 du 26 juin 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-234763 du 17 juillet 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-742938 du 04 d\u00e9cembre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf"
},
{
"title": "Avis CERTFR-2017-AVI-428",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-428/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892012 du 24 avril 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-087240 du 30 ao\u00fbt 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"
},
{
"title": "Avis CERTFR-2019-AVI-004",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-004/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-850708 du 11 septembre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-110922 du 27 mars 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-507847 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-113131 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-176087 du 01 octobre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 27 novembre 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-623229 du 08 avril 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 20 mars 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-196",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-196/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-233109 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-954136 du 02 f\u00e9vrier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-672373 du 18 novembre 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"title": "Avis CERTFR-2014-AVI-126",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-126/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-487246 du 08 avril 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-347726 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-254686 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-279823 du 08 octobre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-279823.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-982399 du 11 d\u00e9cembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-456423 du 12 mars 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-062",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-062/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-635659 du 15 avril 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-130874 du 05 avril 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-141614 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-597212 du 21 janvier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654382 du 20 mars 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-833048 du 14 mars 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625789 du 10 juin 2011",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731239 du 09 d\u00e9cembre 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-470231 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
}
],
"reference": "CERTFR-2020-AVI-077",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-11T00:00:00.000000"
},
{
"description": "int\u00e9gration des 58 avis",
"revision_date": "2020-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "\u003cstrong\u003eCet avis concerne une mise \u00e0 jour en date du 10 f\u00e9vrier 2020 de 58\navis Siemens (cf. section documentation). Les avis Siemens listent\nd\u00e9sormais les variantes SIPLUS parmi les syst\u00e8mes affect\u00e9s.\u003c/strong\u003e\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens de variante SIPLUS. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens de variante SIPLUS",
"vendor_advisories": []
}
ghsa-h69h-mwxm-xg4v
Vulnerability from github
Published
2022-05-14 01:02
Modified
2022-05-14 01:02
Severity ?
VLAI Severity ?
Details
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
{
"affected": [],
"aliases": [
"CVE-2018-16556"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-13T16:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 (All versions \u003c V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",
"id": "GHSA-h69h-mwxm-xg4v",
"modified": "2022-05-14T01:02:48Z",
"published": "2022-05-14T01:02:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16556"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
ICSA-18-317-02
Vulnerability from csaf_cisa
Published
2018-11-13 00:00
Modified
2023-05-09 00:00
Summary
Siemens S7-400 CPUs (Update B)
Notes
Summary
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family
that could allow an attacker to cause a denial of service condition. In order
to exploit the vulnerabilities, an attacker must have access to the affected
devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces
(MPI).
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family\nthat could allow an attacker to cause a denial of service condition. In order\nto exploit the vulnerabilities, an attacker must have access to the affected\ndevices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces\n(MPI). \n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-113131.json"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-113131.html"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-317-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-317-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-317-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-317-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens S7-400 CPUs (Update B)",
"tracking": {
"current_release_date": "2023-05-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-317-02",
"initial_release_date": "2018-11-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-11-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2019-05-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated acknowledgements and added solution for S7-400H V6"
},
{
"date": "2020-02-10T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2022-08-09T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V6 and below CPU family, and for SIMATIC S7-400 H V4.5 and below CPU family"
},
{
"date": "2023-01-10T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)"
},
{
"date": "2023-05-09T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Expanded SIMATIC S7-400 V7 CPU family (incl. SIPLUS variants) to individual products and MLFBs; added fix for SIMATIC S7-400 PN/DP V7 CPUs; clarified that no fix is planned for other S7-400 V7 CPUs"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6ES7412-1XJ07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2XK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6ES7414-2XL07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3XM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3EM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3FM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2XP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3XS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3ES07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2FP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3FS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6ES7417-4XT07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2EK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV6.0.9",
"product": {
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2.1",
"product": {
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6AG1414-3EM07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3ES07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3XS07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6AG1417-4XT07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16556",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0014",
"CSAFPID-0016",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"CSAFPID-0015"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "CVE-2018-16556"
},
{
"cve": "CVE-2018-16557",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "summary",
"text": "Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2018-16557: Configure protection level 3 (read/write protection)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0014",
"CSAFPID-0016",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"CSAFPID-0015"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "CVE-2018-16557"
}
]
}
icsa-18-317-02
Vulnerability from csaf_cisa
Published
2018-11-13 00:00
Modified
2023-05-09 00:00
Summary
Siemens S7-400 CPUs (Update B)
Notes
Summary
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family
that could allow an attacker to cause a denial of service condition. In order
to exploit the vulnerabilities, an attacker must have access to the affected
devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces
(MPI).
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family\nthat could allow an attacker to cause a denial of service condition. In order\nto exploit the vulnerabilities, an attacker must have access to the affected\ndevices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces\n(MPI). \n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-113131.json"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-113131.html"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-317-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-317-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-317-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-317-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens S7-400 CPUs (Update B)",
"tracking": {
"current_release_date": "2023-05-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-317-02",
"initial_release_date": "2018-11-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-11-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2019-05-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated acknowledgements and added solution for S7-400H V6"
},
{
"date": "2020-02-10T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2022-08-09T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V6 and below CPU family, and for SIMATIC S7-400 H V4.5 and below CPU family"
},
{
"date": "2023-01-10T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)"
},
{
"date": "2023-05-09T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Expanded SIMATIC S7-400 V7 CPU family (incl. SIPLUS variants) to individual products and MLFBs; added fix for SIMATIC S7-400 PN/DP V7 CPUs; clarified that no fix is planned for other S7-400 V7 CPUs"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6ES7412-1XJ07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2XK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6ES7414-2XL07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3XM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3EM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3FM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2XP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3XS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3ES07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2FP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3FS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6ES7417-4XT07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2EK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV6.0.9",
"product": {
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2.1",
"product": {
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6AG1414-3EM07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3ES07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3XS07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6AG1417-4XT07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16556",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0014",
"CSAFPID-0016",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"CSAFPID-0015"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "CVE-2018-16556"
},
{
"cve": "CVE-2018-16557",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "summary",
"text": "Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2018-16557: Configure protection level 3 (read/write protection)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0014",
"CSAFPID-0016",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013",
"CSAFPID-0018",
"CSAFPID-0019"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"CSAFPID-0015"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "CVE-2018-16557"
}
]
}
cnvd-2018-25433
Vulnerability from cnvd
Title
Siemens SIMATIC S7-400输入验证漏洞
Description
Siemens SIMATIC S7-400是德国西门子(Siemens)公司的一款用于制造和过程自动化领域的可编程逻辑控制器产品。
Siemens SIMATIC S7-400产品中存在输入验证漏洞,攻击者可借助Ethernet界面、PROFIBUS或多点接口(MPI)向TCP 102端口发送特制的数据包利用该漏洞造成服务崩溃。
Severity
高
VLAI Severity ?
Patch Name
Siemens SIMATIC S7-400输入验证漏洞的补丁
Patch Description
Siemens SIMATIC S7-400是德国西门子(Siemens)公司的一款用于制造和过程自动化领域的可编程逻辑控制器产品。
Siemens SIMATIC S7-400产品中存在输入验证漏洞,攻击者可借助Ethernet界面、PROFIBUS或多点接口(MPI)向TCP 102端口发送特制的数据包利用该漏洞造成服务崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商只发布了产品SIMATIC S7-410的升级补丁以修复漏洞,产品SIMATIC S7-400和SIMATIC S7-400H的升级补丁暂未发布,详情请参考链接: https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02
Impacted products
| Name | ['Siemens S7-400H <=4.5', 'Siemens S7-400H 6', 'Siemens S7-410 <8.2.1', 'Siemens S7-400 <=6(包括F)', 'Siemens S7-400 PN/DP 7(包括F)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-16556"
}
},
"description": "Siemens SIMATIC S7-400\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5236\u9020\u548c\u8fc7\u7a0b\u81ea\u52a8\u5316\u9886\u57df\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u4ea7\u54c1\u3002\n\nSiemens SIMATIC S7-400\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9Ethernet\u754c\u9762\u3001PROFIBUS\u6216\u591a\u70b9\u63a5\u53e3\uff08MPI\uff09\u5411TCP 102\u7aef\u53e3\u53d1\u9001\u7279\u5236\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u670d\u52a1\u5d29\u6e83\u3002",
"discovererName": "CNCERT/CC",
"formalWay": "\u76ee\u524d\u5382\u5546\u53ea\u53d1\u5e03\u4e86\u4ea7\u54c1SIMATIC S7-410\u7684\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u4ea7\u54c1SIMATIC S7-400\u548cSIMATIC S7-400H\u7684\u5347\u7ea7\u8865\u4e01\u6682\u672a\u53d1\u5e03\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-25433",
"openTime": "2018-12-14",
"patchDescription": "Siemens SIMATIC S7-400\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5236\u9020\u548c\u8fc7\u7a0b\u81ea\u52a8\u5316\u9886\u57df\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\nSiemens SIMATIC S7-400\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9Ethernet\u754c\u9762\u3001PROFIBUS\u6216\u591a\u70b9\u63a5\u53e3\uff08MPI\uff09\u5411TCP 102\u7aef\u53e3\u53d1\u9001\u7279\u5236\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u670d\u52a1\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC S7-400\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens S7-400H \u003c=4.5",
"Siemens S7-400H 6",
"Siemens S7-410 \u003c8.2.1",
"Siemens S7-400 \u003c=6(\u5305\u62ecF)",
"Siemens S7-400 PN/DP 7(\u5305\u62ecF)"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02",
"serverity": "\u9ad8",
"submitTime": "2018-11-16",
"title": "Siemens SIMATIC S7-400\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}
fkie_cve-2018-16556
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 03:52
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.
Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7-400_firmware | * | |
| siemens | simatic_s7-400 | - | |
| siemens | simatic_s7-400_pn\/dp_v7_firmware | * | |
| siemens | simatic_s7-400_pn\/dp_v7 | - | |
| siemens | simatic_s7-400h_firmware | * | |
| siemens | simatic_s7-400h | - | |
| siemens | simatic_s7-410_firmware | * | |
| siemens | simatic_s7-410 | - | |
| siemens | simatic_s7-400h_v6_firmware | * | |
| siemens | simatic_s7-400h_v6 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57985BFC-3021-417D-89BA-570DD5803D57",
"versionEndIncluding": "v6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC44664E-830D-4122-A97A-1AFA61F5BBB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_v7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D93F2-FB6B-4D4D-84FB-3A7CDE89B727",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0E0C78-913C-449B-957D-028BD73F760E",
"versionEndIncluding": "v4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1CCAFD-1D34-4893-9B3E-76CAD323179A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12192D3A-3583-4360-8BF2-FDB6CA9C3FD3",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67EEFE-85A1-4FFB-B049-AB0F9DB9EA99",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6668A57C-BC46-4008-B174-9E557946ACA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400h_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D082EB6-3C13-40C1-9949-179DC59037C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-400 DP V7 (incl. variantes SIPLUS) (Todas las versiones), la familia de CPUs SIMATIC S7-400 H V4.5 e inferiores (incl. variantes SIPLUS) (Todas las versiones), la familia de CPUs SIMATIC S7-400 H V6 (incl. variantes SIPLUS) (Todas las versiones). SIPLUS) (Todas las versiones anteriores a V6.0.9), familia de CPU SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS) (Todas las versiones), familia de CPU SIMATIC S7-410 (incl. variantes SIPLUS) (Todas las versiones anteriores a V8.2.1). Los paquetes especialmente dise\u00f1ados enviados al puerto 102/tcp a trav\u00e9s de la interfaz Ethernet, a trav\u00e9s de PROFIBUS o a trav\u00e9s de las interfaces multipunto (MPI) podr\u00edan hacer que los dispositivos afectados entraran en modo defectuoso. Se requiere un reinicio manual para reanudar el funcionamiento normal. La explotaci\u00f3n exitosa requiere que un atacante sea capaz de enviar paquetes especialmente dise\u00f1ados al puerto 102/tcp a trav\u00e9s de la interfaz Ethernet, a trav\u00e9s de PROFIBUS o de interfaces multipunto (MPI). No se requiere ninguna interacci\u00f3n ni privilegios de usuario para explotar la vulnerabilidad de seguridad. La vulnerabilidad podr\u00eda permitir causar una condici\u00f3n de denegaci\u00f3n de servicio de la funcionalidad del n\u00facleo de la CPU, comprometiendo la disponibilidad del sistema"
}
],
"id": "CVE-2018-16556",
"lastModified": "2024-11-21T03:52:58.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2018-12-13T16:29:00.477",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
ssa-113131
Vulnerability from csaf_siemens
Published
2018-11-13 00:00
Modified
2023-05-09 00:00
Summary
SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs
Notes
Summary
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family
that could allow an attacker to cause a denial of service condition. In order
to exploit the vulnerabilities, an attacker must have access to the affected
devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces
(MPI).
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family\nthat could allow an attacker to cause a denial of service condition. In order\nto exploit the vulnerabilities, an attacker must have access to the affected\ndevices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces\n(MPI). \n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-113131.html"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-113131.json"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"category": "self",
"summary": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt"
}
],
"title": "SSA-113131: Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs",
"tracking": {
"current_release_date": "2023-05-09T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-113131",
"initial_release_date": "2018-11-13T00:00:00Z",
"revision_history": [
{
"date": "2018-11-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2019-05-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated acknowledgements and added solution for S7-400H V6"
},
{
"date": "2020-02-10T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2022-08-09T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V6 and below CPU family, and for SIMATIC S7-400 H V4.5 and below CPU family"
},
{
"date": "2023-01-10T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "No fix planned for SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)"
},
{
"date": "2023-05-09T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Expanded SIMATIC S7-400 V7 CPU family (incl. SIPLUS variants) to individual products and MLFBs; added fix for SIMATIC S7-400 PN/DP V7 CPUs; clarified that no fix is planned for other S7-400 V7 CPUs"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6ES7412-1XJ07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-1 DP V7 (6ES7412-1XJ07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2XK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 412-2 DP V7 (6ES7412-2XK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6ES7414-2XL07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-2 DP V7 (6ES7414-2XL07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3XM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 DP V7 (6ES7414-3XM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3EM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"6ES7414-3FM07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2XP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-2 DP V7 (6ES7416-2XP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3XS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 DP V7 (6ES7416-3XS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3ES07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"6ES7416-2FP07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-2 DP V7 (6ES7416-2FP07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"6ES7416-3FS07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"6ES7417-4XT07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": " SIMATIC S7-400 CPU 417-4 DP V7 (6ES7417-4XT07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"6ES7412-2EK07-0AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV6.0.9",
"product": {
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2.1",
"product": {
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)",
"product_id": "18",
"product_identification_helper": {
"model_numbers": [
"6AG1414-3EM07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV7.0.3",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3ES07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)",
"product_id": "20",
"product_identification_helper": {
"model_numbers": [
"6AG1416-3XS07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 416-3 V7 (6AG1416-3XS07-7AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"6AG1417-4XT07-7AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-400 CPU 417-4 V7 (6AG1417-4XT07-7AB0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16556",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"17"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4",
"7",
"8",
"10",
"12",
"14",
"16",
"20",
"21"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"5",
"6",
"9",
"11",
"13",
"18",
"19"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"15"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"17"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
}
],
"title": "CVE-2018-16556"
},
{
"cve": "CVE-2018-16557",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "summary",
"text": "Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2018-16557: Configure protection level 3 (read/write protection)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
},
{
"category": "mitigation",
"details": "Restrict network access to affected devices; restrict network access to port 102/tcp for Ethernet interfaces",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
},
{
"category": "mitigation",
"details": "Activate Field Interface Security in PCS 7 V9.0, and use a SIMATIC/SIPLUS CP443-1 Adv. to communicate with ES/OS",
"product_ids": [
"17"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4",
"7",
"8",
"10",
"12",
"14",
"16",
"20",
"21"
]
},
{
"category": "vendor_fix",
"details": "Update to V7.0.3 or later version",
"product_ids": [
"5",
"6",
"9",
"11",
"13",
"18",
"19"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109752685/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.9 or later version",
"product_ids": [
"15"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109474550/"
},
{
"category": "vendor_fix",
"details": "Update to V8.2.1 or later version",
"product_ids": [
"17"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109476571/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
]
}
],
"title": "CVE-2018-16557"
}
]
}
gsd-2018-16556
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.
Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-16556",
"description": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 (All versions \u003c V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",
"id": "GSD-2018-16556"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-16556"
],
"details": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system.",
"id": "GSD-2018-16556",
"modified": "2023-12-13T01:22:25.742578Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " SIMATIC S7-400 CPU 412-1 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 412-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-3 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-3 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416F-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 417-4 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 412-2 PN V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V6.0.9"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V8.2.1"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V7.0.3"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 416-3 V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 417-4 V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_v7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16556"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-05-09T13:15Z",
"publishedDate": "2018-12-13T16:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…