All the vulnerabilites related to Siemens - SINUMERIK 840D sl
cve-2019-10936
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dk_standard_ethernet_controller_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ek-ertec_200_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ek-ertec_200_firmware", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ek-ertec_200p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ek-ertec_200p_firmware", "vendor": "siemens", "versions": [ { "lessThan": "4.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cfu_pa:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cfu_pa", "vendor": "siemens", "versions": [ { "lessThan": "v1.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et200ecopn_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et200ecopn_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et200s_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et200s_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200al_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200m_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200mp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v4.3.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200pro_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200s_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_et_200sp_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_hmi_comfort_outdoor_panels", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0", "vendor": "siemens", "versions": [ { "lessThan": "v4.2.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_profinet_driver:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_profinet_driver", "vendor": "siemens", "versions": [ { "lessThan": "v2.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_314_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_315-2_dp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_315f-2_dp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_317-2_dp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_317-2_pn\\/dp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-300_cpu_319-3_pn\\/dp_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v3.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-400_cpu_412-2_pn", "vendor": "siemens", "versions": [ { "lessThan": "v7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-400_cpu_414-3_pn\\/dp", "vendor": "siemens", "versions": [ { "lessThan": "v7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-400_cpu_416-3_pn\\/dp", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "v7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-400_h_v6_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "v6.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v6_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-400_pn\\/dp_v6_firmware", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_s7-410_cpu_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-410_cpu_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v8.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-1200_cpu", "vendor": "siemens", "versions": [ { "lessThan": "v4.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-1500_cpu", "vendor": "siemens", "versions": [ { "lessThan": "v2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_s7-1500_controller:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_s7-1500_controller", "vendor": "siemens", "versions": [ { "lessThan": "v2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_tdc_cp51m1_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v1.1.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_tdc_cpu555_firmware", "vendor": "siemens", "versions": [ { "lessThan": "v1.1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_winac_rtx_2010", "vendor": "siemens", "versions": [ { "lessThan": "v2010_sp3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_winac_rtx_\\(f\\)_2010", "vendor": "siemens", "versions": [ { "lessThan": "v2010_sp3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_dcm", "vendor": "siemens", "versions": [ { "lessThan": "v1.5_hf1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_dcp", "vendor": "siemens", "versions": [ { "lessThan": "v1.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_g110m", "vendor": "siemens", "versions": [ { "lessThan": "v4.7_sp10_hf5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_g120", "vendor": "siemens", "versions": [ { "lessThan": "v4.7_sp10_hf5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_g130", "vendor": "siemens", "versions": [ { "lessThan": "v4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_g150", "vendor": "siemens", "versions": [ { "lessThan": "v4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_gh150", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_gl150", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_gm150", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_s110", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_s120", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_sl150", "vendor": "siemens", "versions": [ { "lessThan": "v4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_sl150", "vendor": "siemens", "versions": [ { "lessThan": "v4.7_hf33", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_sm120", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinumerik_828d", "vendor": "siemens", "versions": [ { "lessThan": "v4.8_sp5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinumerik_840d_sl", "vendor": "siemens", "versions": [ { "lessThan": "v4.8_sp6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_s7-300_cpu_314", "vendor": "siemens", "versions": [ { "lessThan": "v3.3.17", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2019-10936", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:36:59.481395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T15:59:12.602Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.6 Patch 01" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CFU PA", "vendor": "Siemens", "versions": [ { "lessThan": "V1.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200AL IM 157-1 PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200M (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-3 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-4 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM 151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM 151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HS", "vendor": "Siemens", "versions": [ { "lessThan": "V4.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN/2 HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN/3 HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN: IO-Link Master", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200S (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI KTP Mobile Panels", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC PN/PN Coupler", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC PROFINET Driver", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.4.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319F-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 412-2 PN V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V6.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.2.2" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC TDC CP51M1", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC TDC CPU555", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX F 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.5 HF1" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.3" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G110M V4.7 PN Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP10 HF5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP10 HF5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 4.8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 4.8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S110 Control Unit", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 4.8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF33" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINUMERIK 828D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP5" } ] }, { "defaultStatus": "unknown", "product": "SINUMERIK 840D sl", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP6" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM 151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM 151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET PN/PN Coupler", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:03:55.957Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-10936", "datePublished": "2019-10-10T00:00:00", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12741
Vulnerability from cvelistv5
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101964", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "https://www.securityfocus.com/bid/101964" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.1 Patch 05" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Compact Field Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200AL IM 157-1 PN", "vendor": "Siemens", "versions": [ { "lessThan": "V1.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200M (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-3 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-4 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HS", "vendor": "Siemens", "versions": [ { "lessThan": "V4.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN: IO-Link Master", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200S (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.2.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.2.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-200 SMART", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.03.01" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.X.16", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 H V6\u00a0and below\u00a0CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V6.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V6.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC TDC CP51M1", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC TDC CPU555", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX F 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1.1" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 HF1" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 HF1" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.4 HF26" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION P V4.4 and V4.5", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5 HF5" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION P V5", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 HF1" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCM w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.4 SP1 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCP w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.2 HF2" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G110M w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP9 HF1" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP9 HF1" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF29" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.8 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.7 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF29" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.8 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.7 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP5 HF7" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.7 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.7 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF31" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S110 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.4 SP3 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF29" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.7 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF29" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.8 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7.0 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF30" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7.4 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7.5 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.7 w. PROFINET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS V90 w. PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.02" } ] }, { "defaultStatus": "unknown", "product": "SINUMERIK 840D sl", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIRIUS Soft Starter 3RW44 PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:03:53.948Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "name": "101964", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "https://www.securityfocus.com/bid/101964" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-12741", "datePublished": "2017-12-26T04:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:51:06.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15783
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.725Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC TDC CPU555", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK 840D sl", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:39", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-15783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC TDC CPU555", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK 840D sl", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-15783", "datePublished": "2020-11-12T19:21:09", "dateReserved": "2020-07-15T00:00:00", "dateUpdated": "2024-08-04T13:22:30.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15791
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC WinAC RTX (F) 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK 840D sl", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-14T21:05:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-15791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC WinAC RTX (F) 2010", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK 840D sl", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-522: Insufficiently Protected Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-15791", "datePublished": "2020-09-09T18:13:11", "dateReserved": "2020-07-15T00:00:00", "dateUpdated": "2024-08-04T13:22:30.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10923
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.1 Patch 05" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5.0 Patch 01" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200M (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-3 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-4 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM 151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM 151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN: IO-Link Master", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200S (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC NET CP 1604", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC NET CP 1616", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319F-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 412-2 PN V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX F 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.5 HF1" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.3" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G110M V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP10 HF5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 SP10 HF5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF29" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S110 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF34" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF33" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINUMERIK 828D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP5" } ] }, { "defaultStatus": "unknown", "product": "SINUMERIK 840D sl", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP5" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM 151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM 151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.17" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:22.534Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-10923", "datePublished": "2019-10-10T13:49:24", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-09-10T09:33:22.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201812-0452
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A heap buffer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0452", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11457" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11457", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-11457", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-25413", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d823502-463f-11e9-8a07-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-121318", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11457", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11457", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25413", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-598", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121318", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "VULHUB", "id": "VHN-121318" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A heap buffer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121318" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11457", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201812-598", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25413", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013321", "trust": 0.8 }, { "db": "IVD", "id": "7D823502-463F-11E9-8A07-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121318", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "VULHUB", "id": "VHN-121318" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "id": "VAR-201812-0452", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "VULHUB", "id": "VHN-121318" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" } ] }, "last_update_date": "2023-12-18T12:00:51.044000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product heap buffer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147309" }, { "title": "Multiple Siemens Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87842" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11457" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11457" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "VULHUB", "id": "VHN-121318" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25413" }, { "db": "VULHUB", "id": "VHN-121318" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "db": "NVD", "id": "CVE-2018-11457" }, { "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d823502-463f-11e9-8a07-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25413" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121318" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "date": "2018-12-12T16:29:00.247000", "db": "NVD", "id": "CVE-2018-11457" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25413" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121318" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013321" }, { "date": "2019-10-09T23:33:32.667000", "db": "NVD", "id": "CVE-2018-11457" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-598" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-598" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SINUMERIK 828D and SINUMERIK 840D Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013321" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-598" } ], "trust": 0.6 } }
var-201812-0460
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0460", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11465" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11465", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-11465", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-25422", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "7d8171b1-463f-11e9-8168-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-121327", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11465", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11465", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25422", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-606", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121327", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "VULHUB", "id": "VHN-121327" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121327" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11465", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201812-606", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013319", "trust": 0.8 }, { "db": "IVD", "id": "7D8171B1-463F-11E9-8168-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121327", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "VULHUB", "id": "VHN-121327" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "id": "VAR-201812-0460", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "VULHUB", "id": "VHN-121327" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" } ] }, "last_update_date": "2023-12-18T12:00:50.780000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product local access vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147329" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87850" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121327" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11465" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11465" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "VULHUB", "id": "VHN-121327" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25422" }, { "db": "VULHUB", "id": "VHN-121327" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "db": "NVD", "id": "CVE-2018-11465" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25422" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121327" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "date": "2018-12-12T16:29:00.653000", "db": "NVD", "id": "CVE-2018-11465" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25422" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121327" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013319" }, { "date": "2019-10-09T23:33:34.120000", "db": "NVD", "id": "CVE-2018-11465" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-606" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-606" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Product out-of-bounds vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013319" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "7d8171b1-463f-11e9-8168-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201812-606" } ], "trust": 0.8 } }
var-201812-0456
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A Permission Access Control Vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0456", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11461" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11461", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-11461", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2018-25418", "impactScore": 8.5, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "7d81e6df-463f-11e9-b66b-000c29342cb1", "impactScore": 8.5, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-121323", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 4.7, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "Low", "baseScore": 6.6, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-11461", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11461", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-25418", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201812-602", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-121323", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "VULHUB", "id": "VHN-121323" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A Permission Access Control Vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121323" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11461", "trust": 3.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201812-602", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013316", "trust": 0.8 }, { "db": "IVD", "id": "7D81E6DF-463F-11E9-B66B-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121323", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "VULHUB", "id": "VHN-121323" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "id": "VAR-201812-0456", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "VULHUB", "id": "VHN-121323" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" } ] }, "last_update_date": "2023-12-18T12:00:50.932000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product access control vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147319" }, { "title": "Multiple Siemens Product Privilege License and Access Control Vulnerability Fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87846" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11461" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11461" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "VULHUB", "id": "VHN-121323" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25418" }, { "db": "VULHUB", "id": "VHN-121323" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "db": "NVD", "id": "CVE-2018-11461" }, { "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d81e6df-463f-11e9-b66b-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25418" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121323" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "date": "2018-12-12T16:29:00.450000", "db": "NVD", "id": "CVE-2018-11461" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25418" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121323" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013316" }, { "date": "2019-10-09T23:33:33.370000", "db": "NVD", "id": "CVE-2018-11461" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-602" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-602" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Vulnerabilities related to authorization, authority, and access control in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013316" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-602" } ], "trust": 0.6 } }
var-201812-0457
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Permission access control vulnerabilities exist in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0457", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11462" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11462", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-11462", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-25419", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-121324", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11462", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11462", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-25419", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-603", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-121324", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-11462", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULHUB", "id": "VHN-121324" }, { "db": "VULMON", "id": "CVE-2018-11462" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Permission access control vulnerabilities exist in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121324" }, { "db": "VULMON", "id": "CVE-2018-11462" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11462", "trust": 3.7 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.7 }, { "db": "BID", "id": "106185", "trust": 2.1 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201812-603", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25419", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013317", "trust": 0.8 }, { "db": "IVD", "id": "7D81E6DE-463F-11E9-A7E2-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121324", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-11462", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULHUB", "id": "VHN-121324" }, { "db": "VULMON", "id": "CVE-2018-11462" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "id": "VAR-201812-0457", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULHUB", "id": "VHN-121324" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" } ] }, "last_update_date": "2023-12-18T12:00:51.119000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patch for multiple Siemens Product Permission Access Control Vulnerabilities (CNVD-2018-25419)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147325" }, { "title": "Multiple Siemens Product Privilege License and Access Control Vulnerability Fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87847" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f0c2b52e2cee7c2c16aa1cae6ed75a3b" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULMON", "id": "CVE-2018-11462" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11462" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11462" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULHUB", "id": "VHN-121324" }, { "db": "VULMON", "id": "CVE-2018-11462" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25419" }, { "db": "VULHUB", "id": "VHN-121324" }, { "db": "VULMON", "id": "CVE-2018-11462" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "db": "NVD", "id": "CVE-2018-11462" }, { "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d81e6de-463f-11e9-a7e2-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25419" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121324" }, { "date": "2018-12-12T00:00:00", "db": "VULMON", "id": "CVE-2018-11462" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "date": "2018-12-12T16:29:00.497000", "db": "NVD", "id": "CVE-2018-11462" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25419" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121324" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-11462" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013317" }, { "date": "2019-10-09T23:33:33.557000", "db": "NVD", "id": "CVE-2018-11462" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-603" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-603" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Vulnerabilities related to authorization, authority, and access control in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013317" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-603" } ], "trust": 0.6 } }
var-201812-0458
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \302\240The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A stack-based buffer overflow vulnerability exists in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0458", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11463" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11463", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-11463", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-25420", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "7d812390-463f-11e9-9a73-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-121325", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11463", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11463", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25420", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-604", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121325", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "VULHUB", "id": "VHN-121325" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \\302\\240The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A stack-based buffer overflow vulnerability exists in several Siemens products. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121325" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11463", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201812-604", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25420", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013318", "trust": 0.8 }, { "db": "IVD", "id": "7D812390-463F-11E9-9A73-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121325", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "VULHUB", "id": "VHN-121325" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "id": "VAR-201812-0458", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "VULHUB", "id": "VHN-121325" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" } ] }, "last_update_date": "2023-12-18T12:00:50.818000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product buffer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147351" }, { "title": "Multiple Siemens Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87848" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121325" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11463" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11463" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "VULHUB", "id": "VHN-121325" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25420" }, { "db": "VULHUB", "id": "VHN-121325" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "db": "NVD", "id": "CVE-2018-11463" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25420" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121325" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "date": "2018-12-12T16:29:00.543000", "db": "NVD", "id": "CVE-2018-11463" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25420" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121325" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013318" }, { "date": "2019-10-09T23:33:33.743000", "db": "NVD", "id": "CVE-2018-11463" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-604" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-604" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013318" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "7d812390-463f-11e9-9a73-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201812-604" } ], "trust": 0.8 } }
var-201910-1595
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany's Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1595", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cfu pa", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "1.2.0" }, { "model": "simatic profinet driver", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "2.1" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 1.0, "vendor": "sinumerik 828d", "version": "4.8" }, { "model": "simatic s7-1500t cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic s7-410 v8", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.2.2" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic winac rtx \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200sp im 155-6 pn st", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200sp im 155-6 pn hs", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic pn\\/pn coupler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic s7-300 cpu 314 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 318-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics gl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi comfort panels 4\\\"", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 313", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics sl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic hmi comfort outdoor panels 7\\\"", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-400 dp v7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200sp im 155-6 pn ha", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-400h v6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.9" }, { "model": "simatic et 200sp im 155-6 pn ba", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200mp im 155-5 pn ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3.0" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics gm150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300 cpu 316-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics g120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200sp im 155-6 pn\\/3 hf", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic s7-1500s cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic hmi comfort outdoor panels 15\\\"", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 314", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics gl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-400 v6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.9" }, { "model": "simatic et 200mp im 155-5 pn hf", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "sinamics g120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic et 200al", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 312 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 315", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-1500 cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic hmi comfort panels 22\\\"", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s110", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500 cpu 1512c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6" }, { "model": "sinamics g150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "sinamics gm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "ek-ertec 200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200sp im 155-6 pn\\/2 hf", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.2" }, { "model": "ek-ertec 200p", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.6" }, { "model": "sinamics sm120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn v7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic winac rtx \\", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "simatic s7-1500 cpu 1518", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-1500 cpu 1511c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic s7-1200 cpu 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic s7-1200 cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "simatic et 200mp im 155-5 pn st", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "simatic et 200sp im 155-6 pn hf", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.2" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "ek-ertec 200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p p", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cfu pa", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp im 155-5 pn ba", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp im 155-5 pn hf", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp im 155-5 pn st", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "ek-ertec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "200" }, { "model": "ek-ertec 200p", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp im pn ba", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-5\u003c4.2.3" }, { "model": "simatic et 200mp im pn hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-5" }, { "model": "simatic et 200mp im pn st", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-5" }, { "model": "simatic et 200sp im pn ba", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6" }, { "model": "simatic et 200sp im pn ha", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6" }, { "model": "simatic et 200sp im pn hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6\u003c4.2.2" }, { "model": "simatic et 200sp im pn hs", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6" }, { "model": "simatic et 200sp im pn st", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6" }, { "model": "simatic et 200sp im pn/2 hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6\u003c4.2.2" }, { "model": "simatic et 200sp im pn/3 hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "155-6\u003c4.2.1" }, { "model": "simatic et 200ecopn", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort panels 4\" 22\"", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic hmi ktp mobile panels", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic pn/pn coupler", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic s7-400 and below", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6" }, { "model": "simatic s7-400h", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6\u003c6.0.9" }, { "model": "simatic s7-410", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v8" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "2010" }, { "model": "sinamics dcm", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics g110m sp10 hf5", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics g120 sp10 hf5", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics g130", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics g150", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics gh150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics gm150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics s110", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics s150", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 828d sp5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn ba", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn ha", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn hs", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn st", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn 2 hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp im 155 6 pn 3 hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort outdoor panels 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort outdoor panels 15", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels 4", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels 22", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic pn pn coupler", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic profinet driver", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200 cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200 cpu 1211c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200 cpu 1212c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200 cpu 1214c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500s cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500t cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 cpu 1518", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 cpu 1511c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 cpu 1512c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 312 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 313", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cfu pa", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 316 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 318 2", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn v7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 dp v7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400h v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 410 v8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx f 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": "1.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics gl150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics gm150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics sl150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics sm120", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp im 155 5 pn ba", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp im 155 5 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp im 155 5 pn st", "version": "*" } ], "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_firmware:4.6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cfu_pa_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cfu_pa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_im_155-5_pn_ba_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp_im_155-5_pn_ba:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_im_155-5_pn_hf_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp_im_155-5_pn_hf:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_im_155-5_pn_st_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp_im_155-5_pn_st:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn_ba_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn_ba:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn_ha_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn_ha:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn_hf_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn_hf:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn_hs_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn_hs:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn_st_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn_st:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn\\/2_hf_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn\\/2_hf:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_im_155-6_pn\\/3_hf_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_im_155-6_pn\\/3_hf:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_7\\\"_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels_7\\\":-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_15\\\"_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels_15\\\":-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_4\\\"_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels_4\\\":-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_22\\\"_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels_22\\\":-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_profinet_driver_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_profinet_driver:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500s_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500s_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500t_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500t_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_dp_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-410_v8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-410_v8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:5.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:5.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:5.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10936" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-639" } ], "trust": 0.6 }, "cve": "CVE-2019-10936", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10936", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-36853", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "ea2714fa-253a-4380-82d5-35652a5540fb", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-142532", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10936", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-10936", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2019-10936", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-36853", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201910-639", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142532", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "VULHUB", "id": "VHN-142532" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets. \r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany\u0027s Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions \u003c V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions \u003c V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions \u003c V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions \u003c V2.1), SIMATIC S7-1200 CPU family (incl. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc", "sources": [ { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "VULHUB", "id": "VHN-142532" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10936", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-473245", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-19-283-02", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201910-639", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-36853", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-010605", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3813", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3813.3", "trust": 0.6 }, { "db": "IVD", "id": "EA2714FA-253A-4380-82D5-35652A5540FB", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142532", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "VULHUB", "id": "VHN-142532" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "id": "VAR-201910-1595", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "VULHUB", "id": "VHN-142532" } ], "trust": 1.633110274222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" } ] }, "last_update_date": "2023-12-18T13:13:13.201000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-473245", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" }, { "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-36853)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/186551" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142532" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10936" }, { "trust": 1.2, "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-udp-packets-30562" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10936" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3813/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-02" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3813.3/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "VULHUB", "id": "VHN-142532" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNVD", "id": "CNVD-2019-36853" }, { "db": "VULHUB", "id": "VHN-142532" }, { "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "db": "NVD", "id": "CVE-2019-10936" }, { "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-23T00:00:00", "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "date": "2019-10-23T00:00:00", "db": "CNVD", "id": "CNVD-2019-36853" }, { "date": "2019-10-10T00:00:00", "db": "VULHUB", "id": "VHN-142532" }, { "date": "2019-10-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "date": "2019-10-10T14:15:14.707000", "db": "NVD", "id": "CVE-2019-10936" }, { "date": "2019-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-23T00:00:00", "db": "CNVD", "id": "CNVD-2019-36853" }, { "date": "2023-01-10T00:00:00", "db": "VULHUB", "id": "VHN-142532" }, { "date": "2019-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010605" }, { "date": "2023-05-09T13:15:13.053000", "db": "NVD", "id": "CVE-2019-10936" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-639" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-639" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Siemens products vulnerable to resource depletion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-010605" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "ea2714fa-253a-4380-82d5-35652a5540fb" }, { "db": "CNNVD", "id": "CNNVD-201910-639" } ], "trust": 0.8 } }
var-201803-2159
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.
The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller.
A denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2159", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-410", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "8.1" }, { "model": "simatic cp 343-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn\\/dp v7", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "softnet pn-io linux", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 h v6", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn\\/dp v6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.7" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.7.0" }, { "model": "simatic cp 343-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn/dp v6", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn/dp v7", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400h v6", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-410", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "for pc-based windows systems firmware" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp standard", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp standard", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic s7-1500 software controller incl. f", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "1.7.0" }, { "model": "simatic s7-1500 incl. f", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "1.7.0" }, { "model": "simatic s7-300 incl. f and t", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 h", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6" }, { "model": "simatic s7-400 pn/dp incl. f", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6\u003c6.0.7" }, { "model": "simatic s7-400 pn/dp incl. f", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic winac rtx incl. f", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "2010" }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "softnet profinet io for pc-based windows systems", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "simatic cp 343 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "simatic cp 443 1", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic s7-410", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "8" }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "7" }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "6" }, { "model": "simatic s7-400 h", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v60" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp standard", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp standard", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic s7-410", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "8.1" }, { "model": "simatic s7-400 pn/dp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "6.0.7" }, { "model": "simatic s7-1500 software controller", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.7" }, { "model": "simatic s7-1500", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 410", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softnet pn io linux", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 h v6", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn dp v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn dp v7", "version": null } ], "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "BID", "id": "103465" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_h_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v7_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_2010_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:softnet_pn-io_linux_firmware:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:softnet_pn-io_linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-4843" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens ProductCERT", "sources": [ { "db": "BID", "id": "103465" } ], "trust": 0.3 }, "cve": "CVE-2018-4843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-4843", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.2, "id": "CNVD-2018-06025", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.2, "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-134874", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-4843", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-4843", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2018-4843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-06025", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201803-723", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-134874", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "VULHUB", "id": "VHN-134874" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V1.7.0), SIMATIC S7-1500 Software Controller (All versions \u003c V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.1), SIMATIC WinAC RTX 2010 (All versions \u003c V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions \u003c V2010 SP3), SINUMERIK 828D (All versions \u003c V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.2.16), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. \r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module for supporting PROFINET, a new generation of automation bus standard based on Industrial Ethernet technology. SIMATIC S7-1500 is a programmable logic controller. \n\nA denial of service vulnerability exists in several Siemens products. Siemens SIMATIC/SINUMERIK/PROFINET IO are prone to a denial-of-service vulnerability. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. F; SINUMERIK 828D; SINUMERIK 840D sl; Softnet PROFINET IO for PC-based Windows systems", "sources": [ { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "BID", "id": "103465" }, { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-134874" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-4843", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-592007", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-079-02", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2018-06025", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-723", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-003479", "trust": 0.8 }, { "db": "BID", "id": "103465", "trust": 0.4 }, { "db": "IVD", "id": "E2E91DF0-39AB-11E9-BEF8-000C29342CB1", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-98995", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-134874", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "VULHUB", "id": "VHN-134874" }, { "db": "BID", "id": "103465" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "id": "VAR-201803-2159", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "VULHUB", "id": "VHN-134874" } ], "trust": 1.6409676735714287 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" } ] }, "last_update_date": "2023-12-18T13:33:56.565000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-592007", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf" }, { "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2018-06025)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/122865" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=79323" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-134874" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4843" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4843" }, { "trust": 0.3, "url": "http://www.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "VULHUB", "id": "VHN-134874" }, { "db": "BID", "id": "103465" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-06025" }, { "db": "VULHUB", "id": "VHN-134874" }, { "db": "BID", "id": "103465" }, { "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "db": "NVD", "id": "CVE-2018-4843" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-22T00:00:00", "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "date": "2018-03-22T00:00:00", "db": "CNVD", "id": "CNVD-2018-06025" }, { "date": "2018-03-20T00:00:00", "db": "VULHUB", "id": "VHN-134874" }, { "date": "2018-03-20T00:00:00", "db": "BID", "id": "103465" }, { "date": "2018-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "date": "2018-03-20T14:29:00.413000", "db": "NVD", "id": "CVE-2018-4843" }, { "date": "2018-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-22T00:00:00", "db": "CNVD", "id": "CNVD-2018-06025" }, { "date": "2023-01-10T00:00:00", "db": "VULHUB", "id": "VHN-134874" }, { "date": "2018-03-20T00:00:00", "db": "BID", "id": "103465" }, { "date": "2018-07-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003479" }, { "date": "2023-05-09T13:15:12.543000", "db": "NVD", "id": "CVE-2018-4843" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-723" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-723" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Siemens Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003479" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "e2e91df0-39ab-11e9-bef8-000c29342cb1" }, { "db": "BID", "id": "103465" }, { "db": "CNNVD", "id": "CNNVD-201803-723" } ], "trust": 1.1 } }
var-201910-1596
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs).
A denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1596", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic et 200m", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic pn/pn coupler 6es7158-3ad01-0xa0", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 1.0, "vendor": "sinumerik 828d", "version": "4.8" }, { "model": "simatic s7-300 cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 314", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics gl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "ek-ertec 200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5.0" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic winac rtx \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 312 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 315", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics s110", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "simatic s7-300 cpu 314 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 318-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "cp1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8" }, { "model": "ek-ertec 200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5.0" }, { "model": "sinamics gl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5.0" }, { "model": "simatic s7-300 cpu 313", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics sm120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "cp1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8" }, { "model": "simotion", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics sl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-400 dp v7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-400 pn v7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic winac rtx \\", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic pn\\/pn coupler 6es7158-3ad01-0xa0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics gm150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-400 v6", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "simatic s7-300 cpu 316-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinamics sl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance x-200irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.1" }, { "model": "sinamics g120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "cp1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "cp1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p p", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x-200irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "cp1604", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.8" }, { "model": "cp1616", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.8" }, { "model": "dk standard ethernet controller patch", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.1.105" }, { "model": "ek-ertec 200p patch", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.5.001" }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.5.0" }, { "model": "scalance x-200irt", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.2.1" }, { "model": "simatic s7-300 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 and below", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "2010" }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "sinamics dcm hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.5" }, { "model": "sinumerik 828d sp5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinamics g110m sp10 hf5", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics g120 sp10 hf5", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics g130 hf29", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics g150", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinamics gh150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics gm150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics s110", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120 hf34", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7\u003cv4.7" }, { "model": "sinamics s150", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "dk standard ethernet controller", "version": "4.1.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "cp1604", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic pn pn coupler 6es7158 3ad01 0xa0", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 312 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 313", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 316 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 318 2", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "cp1616", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn v7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 dp v7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx f 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": "1.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics gh150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics gl150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics gm150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics sl150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics sm120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200", "version": "4.5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 200irt", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": "*" } ], "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:cp1604:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:cp1616:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_firmware:4.5.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_dp_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\):-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10923" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA. Artem Zinenko of Kaspersky reported to Siemens that SIPLUS is also affected.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-565" } ], "trust": 0.6 }, "cve": "CVE-2019-10923", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10923", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-41280", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-142518", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10923", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-10923", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2019-10923", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-41280", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201910-565", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142518", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "VULHUB", "id": "VHN-142518" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). \n\nA denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions \u003c V2.8), CP1616 (All versions \u003c V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions \u003c V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions \u003c V4.5.0), SCALANCE X-200IRT (All versions \u003c V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc", "sources": [ { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "VULHUB", "id": "VHN-142518" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10923", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-349422", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-19-283-01", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201910-565", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-41280", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-010610", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3812", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3812.2", "trust": 0.6 }, { "db": "IVD", "id": "B7DE1C6D-2642-4DF7-860F-BFE6735515F5", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142518", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "VULHUB", "id": "VHN-142518" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "id": "VAR-201910-1596", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "VULHUB", "id": "VHN-142518" } ], "trust": 1.6264974596969697 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" } ] }, "last_update_date": "2023-12-18T12:43:15.593000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-349422", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" }, { "title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-41280)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/184335" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142518" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10923" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3812/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3812.2/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-irt-30559" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "VULHUB", "id": "VHN-142518" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNVD", "id": "CNVD-2019-41280" }, { "db": "VULHUB", "id": "VHN-142518" }, { "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "db": "NVD", "id": "CVE-2019-10923" }, { "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "date": "2019-10-11T00:00:00", "db": "CNVD", "id": "CNVD-2019-41280" }, { "date": "2019-10-10T00:00:00", "db": "VULHUB", "id": "VHN-142518" }, { "date": "2019-10-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "date": "2019-10-10T14:15:14.503000", "db": "NVD", "id": "CVE-2019-10923" }, { "date": "2019-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CNVD", "id": "CNVD-2019-41280" }, { "date": "2023-01-10T00:00:00", "db": "VULHUB", "id": "VHN-142518" }, { "date": "2019-10-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010610" }, { "date": "2023-05-09T13:15:12.763000", "db": "NVD", "id": "CVE-2019-10923" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-565" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-565" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability related to resource depletion in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-010610" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "b7de1c6d-2642-4df7-860f-bfe6735515f5" }, { "db": "CNNVD", "id": "CNNVD-201910-565" } ], "trust": 0.8 } }
var-202003-0886
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-300n and SINUMERIK 840D sl Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Siemens SIMATIC S7-300 CPU is a modular general-purpose controller for the manufacturing industry from Siemens.
Siemens SIMATIC S7-300 CPU and SINUMERIK Controller have a resource management error vulnerability, which can be exploited by an attacker to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0886", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 314", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.94" }, { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.8" }, { "model": "simatic s7-300 cpu 314 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 316-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 318-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic tdc cpu555", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.1" }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8.6" }, { "model": "simatic s7-300 cpu 312 ifm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 315", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 313", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-300 cpu 312 ifm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 313", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 314 ifm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 314", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 315", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 316-2 dp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu 318-2 dp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "3.x.17" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 312 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 313", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 314 ifm", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 315 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 316 2 dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu 318 2", "version": "*" } ], "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.94", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-18336" } ] }, "cve": "CVE-2019-18336", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014854", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-19250", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014854", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-18336", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-014854", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-19250", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-468", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V3.X.17), SIMATIC TDC CP51M1 (All versions \u003c V1.1.8), SIMATIC TDC CPU555 (All versions \u003c V1.1.1), SINUMERIK 840D sl (All versions \u003c V4.8.6), SINUMERIK 840D sl (All versions \u003c V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-300n and SINUMERIK 840D sl Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Siemens SIMATIC S7-300 CPU is a modular general-purpose controller for the manufacturing industry from Siemens. \n\r\n\r\nSiemens SIMATIC S7-300 CPU and SINUMERIK Controller have a resource management error vulnerability, which can be exploited by an attacker to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2019-18336" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-18336", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-070-02", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-508982", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2020-19250", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-468", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014854", "trust": 0.8 }, { "db": "NSFOCUS", "id": "46130", "trust": 0.6 }, { "db": "IVD", "id": "23361B8A-FCC5-462C-9762-A23BCF79BA39", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "id": "VAR-202003-0886", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" } ], "trust": 1.39538991 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" } ] }, "last_update_date": "2023-12-18T13:01:52.513000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-508982", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf" }, { "title": "Patch for Siemens SIMATIC S7-300 CPU and SINUMERIK Controller resource management error vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/210819" }, { "title": "Multiple Siemens Product resource management error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124060" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18336" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18336" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-s7-300-denial-of-service-31764" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/46130" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-070-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" }, { "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "db": "NVD", "id": "CVE-2019-18336" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-10T00:00:00", "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "date": "2020-03-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-19250" }, { "date": "2020-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "date": "2020-03-10T20:15:18.633000", "db": "NVD", "id": "CVE-2019-18336" }, { "date": "2020-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-19250" }, { "date": "2020-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014854" }, { "date": "2020-09-29T00:13:34.610000", "db": "NVD", "id": "CVE-2019-18336" }, { "date": "2020-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-468" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-468" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC S7-300 CPU and SINUMERIK Controller Resource Management Error Vulnerability", "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNVD", "id": "CNVD-2020-19250" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "23361b8a-fcc5-462c-9762-a23bcf79ba39" }, { "db": "CNNVD", "id": "CNNVD-202003-468" } ], "trust": 0.8 } }
var-202011-1492
Vulnerability from variot
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. Several Siemens products contain resource exhaustion vulnerabilities.Denial of service (DoS) It may be put into a state. Siemens SIMATIC S7-300 CPUs are a CPU (Central Processing Unit) module of Siemens (Siemens), Germany. Siemens SINUMERIK 840D sl is a set of advanced machine tool CNC system from Siemens (Siemens) in Germany.
Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller have a denial of service vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1492", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-300 cpu 312", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 315-2 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 317-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 314", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 315f-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 315f-2 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 317f-2 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 317f-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic tdc cpu555", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-300 cpu 317-2 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "s7-300 cpu 315f-2 pn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 315-2 pn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 315f-2 dp", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-300 cpu 314", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 317f-2 pn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-300 cpu 315-2 dp", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 312", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 317-2 dp", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "s7-300 cpu 317-2 pn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-15783" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WangFangLi from Beijing Winicssec Technology CO reported this vulnerability to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-741" } ], "trust": 0.6 }, "cve": "CVE-2020-15783", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-15783", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2020-61956", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-15783", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-15783", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-61956", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202011-741", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" }, { "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. Several Siemens products contain resource exhaustion vulnerabilities.Denial of service (DoS) It may be put into a state. Siemens SIMATIC S7-300 CPUs are a CPU (Central Processing Unit) module of Siemens (Siemens), Germany. Siemens SINUMERIK 840D sl is a set of advanced machine tool CNC system from Siemens (Siemens) in Germany. \n\r\n\r\nSiemens SIMATIC S7-300 CPUs and SINUMERIK Controller have a denial of service vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2020-15783" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "CNVD", "id": "CNVD-2020-61956" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-15783", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-492828", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU98046719", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-013577", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-61956", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4045", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-315-04", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202011-741", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" }, { "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "id": "VAR-202011-1492", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" } ], "trust": 1.2706459300000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" } ] }, "last_update_date": "2023-12-18T13:23:02.782000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-492828", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf" }, { "title": "Patch for Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller denial of service vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/239452" }, { "title": "Siemens SIMATIC S7-300 Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135429" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "Resource exhaustion (CWE-400) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15783" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98046719/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4045/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-s7-300-denial-of-service-via-port-102-packets-33869" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-04" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" }, { "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-61956" }, { "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "db": "NVD", "id": "CVE-2020-15783" }, { "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-11-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-61956" }, { "date": "2021-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "date": "2020-11-12T20:15:16.343000", "db": "NVD", "id": "CVE-2020-15783" }, { "date": "2020-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-11-11T00:00:00", "db": "CNVD", "id": "CNVD-2020-61956" }, { "date": "2021-07-08T07:56:00", "db": "JVNDB", "id": "JVNDB-2020-013577" }, { "date": "2022-12-06T21:18:30.510000", "db": "NVD", "id": "CVE-2020-15783" }, { "date": "2021-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-741" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-741" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource exhaustion vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-013577" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-741" } ], "trust": 0.6 } }
var-201812-0459
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0459", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 828d", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.9, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.9, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.9, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11464" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11464", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-11464", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-25421", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "7d8171b0-463f-11e9-8d83-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-121326", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 3.7, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-11464", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11464", "trust": 1.8, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2018-25421", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201812-605", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-121326", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "VULHUB", "id": "VHN-121326" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121326" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11464", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201812-605", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25421", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013112", "trust": 0.8 }, { "db": "IVD", "id": "7D8171B0-463F-11E9-8D83-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121326", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "VULHUB", "id": "VHN-121326" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "id": "VAR-201812-0459", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "VULHUB", "id": "VHN-121326" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" } ] }, "last_update_date": "2023-12-18T12:00:50.895000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product denial of service vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147349" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87849" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11464" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11464" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "VULHUB", "id": "VHN-121326" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25421" }, { "db": "VULHUB", "id": "VHN-121326" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "db": "NVD", "id": "CVE-2018-11464" }, { "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d8171b0-463f-11e9-8d83-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25421" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121326" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "date": "2018-12-12T16:29:00.590000", "db": "NVD", "id": "CVE-2018-11464" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25421" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121326" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013112" }, { "date": "2019-10-09T23:33:33.947000", "db": "NVD", "id": "CVE-2018-11464" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-605" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-605" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SINUMERIK 828D and SINUMERIK 840D sl Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013112" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-605" } ], "trust": 0.6 } }
var-201812-0454
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0454", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11459" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11459", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-11459", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-25416", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "7d823501-463f-11e9-82ca-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-121320", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11459", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11459", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25416", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-600", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121320", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "VULHUB", "id": "VHN-121320" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121320" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11459", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201812-600", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25416", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013323", "trust": 0.8 }, { "db": "IVD", "id": "7D823501-463F-11E9-82CA-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121320", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "VULHUB", "id": "VHN-121320" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "id": "VAR-201812-0454", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "VULHUB", "id": "VHN-121320" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" } ] }, "last_update_date": "2023-12-18T12:00:50.856000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product protection mechanism failure vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147311" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87844" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11459" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11459" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "VULHUB", "id": "VHN-121320" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25416" }, { "db": "VULHUB", "id": "VHN-121320" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "db": "NVD", "id": "CVE-2018-11459" }, { "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d823501-463f-11e9-82ca-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25416" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121320" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "date": "2018-12-12T16:29:00.357000", "db": "NVD", "id": "CVE-2018-11459" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25416" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121320" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013323" }, { "date": "2019-10-09T23:33:33.010000", "db": "NVD", "id": "CVE-2018-11459" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-600" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-600" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Vulnerabilities related to authorization, authority, and access control in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013323" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-600" } ], "trust": 0.6 } }
var-201812-0453
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. An integer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities: 1. A heap based buffer-overflow vulnerability. 2. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0453", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11458" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11458", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-11458", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-25415", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-121319", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11458", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11458", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25415", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-599", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121319", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "VULHUB", "id": "VHN-121319" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 828D and SINUMERIK 840D Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. An integer overflow vulnerability exists in the Siemens SINUMERIK CNC Controller. Siemens SINUMERIK Controllers is prone to the following security vulnerabilities:\n1. A heap based buffer-overflow vulnerability. \n2. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121319" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11458", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201812-599", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25415", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013322", "trust": 0.8 }, { "db": "IVD", "id": "7D81E6E0-463F-11E9-A90D-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121319", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "VULHUB", "id": "VHN-121319" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "id": "VAR-201812-0453", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "VULHUB", "id": "VHN-121319" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" } ] }, "last_update_date": "2023-12-18T12:00:51.081000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product integer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147315" }, { "title": "Multiple Siemens Product digital error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87843" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11458" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11458" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "VULHUB", "id": "VHN-121319" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25415" }, { "db": "VULHUB", "id": "VHN-121319" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "db": "NVD", "id": "CVE-2018-11458" }, { "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d81e6e0-463f-11e9-a90d-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25415" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121319" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "date": "2018-12-12T16:29:00.310000", "db": "NVD", "id": "CVE-2018-11458" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25415" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121319" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013322" }, { "date": "2019-10-09T23:33:32.853000", "db": "NVD", "id": "CVE-2018-11458" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-599" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-599" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SINUMERIK 828D and SINUMERIK 840D Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013322" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-599" } ], "trust": 0.6 } }
var-201812-0455
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0455", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11460" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11460", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-11460", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-25417", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "7d823500-463f-11e9-b618-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-121322", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11460", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11460", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-25417", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-601", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121322", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "VULHUB", "id": "VHN-121322" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. A security hole exists in the Siemens SINUMERIK CNC Controller. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121322" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11460", "trust": 3.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201812-601", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25417", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013315", "trust": 0.8 }, { "db": "IVD", "id": "7D823500-463F-11E9-B618-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121322", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "VULHUB", "id": "VHN-121322" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "id": "VAR-201812-0455", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "VULHUB", "id": "VHN-121322" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" } ] }, "last_update_date": "2023-12-18T12:00:51.007000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens Product Protection Mechanism Vulnerabilities (CNVD-2018-25417)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147321" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87845" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11460" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11460" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "VULHUB", "id": "VHN-121322" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25417" }, { "db": "VULHUB", "id": "VHN-121322" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "db": "NVD", "id": "CVE-2018-11460" }, { "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d823500-463f-11e9-b618-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25417" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121322" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "date": "2018-12-12T16:29:00.403000", "db": "NVD", "id": "CVE-2018-11460" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25417" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121322" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013315" }, { "date": "2019-10-09T23:33:33.183000", "db": "NVD", "id": "CVE-2018-11460" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-601" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-601" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Access control vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013315" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-601" } ], "trust": 0.6 } }
var-201705-3221
Vulnerability from variot
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3221", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 828d", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.5" }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500 software controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic teleservice adapter ie basic modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.8" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic cp 1243-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "sirius act 3su1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic rf680r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "sinamics g120\\ pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200al", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.2" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 443-1 adv", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "scalance x414", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.10.2" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "softnet profinet io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "sinamics s110 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic s7-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.6" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ups1600 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.0" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "simotion", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "dk standard ethernet controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic s7-200 smart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "ek-ertec 200p pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "simatic dk-16xx pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic tdc cpu555", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.1" }, { "model": "simatic cp 1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.0" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance w700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic teleservice adapter ie advanced modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sirius motor starter m200d profinet", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "softnet profinet io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi multi panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "simocode pro v profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.0" }, { "model": "sinamics s110 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic hmi mobile panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic rf650r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "ek-ertec 200 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 343-1 lean", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "ie\\/pb-link", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance x200 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.4.0" }, { "model": "pn\\/pn coupler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic cp 1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "ie\\/as-i link pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf685r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "sinamics v90 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.01" }, { "model": "simatic cp 443-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cm 1542sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "scalance x200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.2" }, { "model": "simatic s7-1200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi comfort panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "simatic cp 343-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simotion", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "scalance x408", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "sitop psu8600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2.0" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200mp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0.1" }, { "model": "simatic cm 1542-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic winac rtx", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200 pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/as-i link pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/pb-link", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "pn/pn coupler", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance w700", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200 irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x408", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x414", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance xm400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance xr500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 lean", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic dk-16xx pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi multi panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf650r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf685r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie advanced", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie basic", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter standard modem", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g110m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g120 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics v90 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius act 3su1 interface module profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius motor starter m200d profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44 pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop psu8600", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop ups1600 profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "for pc-based windows systems firmware" }, { "model": "simatic hmi multi panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi mobile panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": "ups1600 profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop psu8600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius act 3su1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.5" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.4" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-200 smart", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf685r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2000" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16260" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16160" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16040" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-80" }, { "model": "simatic cp lte eu/us", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-70" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-10" }, { "model": "simatic cp gprs", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1242-7v20" }, { "model": "scalance xr500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance xm400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4140" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4084.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4083.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x3000" }, { "model": "scalance irt", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.4" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.5.4" }, { "model": "scalance s615", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "ie/as-i link pn io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "19?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12?0" }, { "model": "e/pb-link", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gh150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "simatic rf685r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf680r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "16162.7" }, { "model": "simatic cp 1604d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp irc", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-82.1.82" }, { "model": "simatic cp lte eu/us", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-72.1.82" }, { "model": "simatic cp gprs", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1242-7v22.1.82" }, { "model": "simatic rf650r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "443-13.2.17" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15431.2.1" }, { "model": "simatic cm1542", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.2" }, { "model": "scalance w700", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "6.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "19?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "12?1.1.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1 irc", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543sp 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf650r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf680r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf685r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1616", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1604", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic dk 16xx pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 lean", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200 irt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x408", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x414", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xm400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance w700", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance m 800", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s615", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softnet profinet io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie pb link", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie as i link pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter standard modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie basic modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie advanced modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop psu8600", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ups1600 profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "pn pn coupler", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200 pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 200 smart", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius act 3su1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius soft starter 3rw44 pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius motor starter m200d profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 opc ua", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120 c p d w pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics v90 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1243 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi multi panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi mobile panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cm 1542 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1", "version": null } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-16xx_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-16xx_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_standard_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_standard_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:4.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-2681" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.", "sources": [ { "db": "BID", "id": "98369" } ], "trust": 0.3 }, "cve": "CVE-2017-2681", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2681", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2017-06153", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "33467505-7492-4ae1-b978-12f61201709a", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-110884", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2681", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-2681", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-06153", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201705-639", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-110884", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions \u003c V3.2.17), SIMATIC CP 443-1 Adv (All versions \u003c V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IRC (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions \u003c V2.0), SIMATIC CM 1542SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions \u003c V1.0.15), SIMATIC CP 1543SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1543-1 (All versions \u003c V2.1), SIMATIC RF650R (All versions \u003c V3.0), SIMATIC RF680R (All versions \u003c V3.0), SIMATIC RF685R (All versions \u003c V3.0), SIMATIC CP 1616 (All versions \u003c V2.7), SIMATIC CP 1604 (All versions \u003c V2.7), SIMATIC DK-16xx PN IO (All versions \u003c V2.7), SCALANCE X-200 (All versions \u003c V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions \u003c V4.1.0), SCALANCE X414 (All versions \u003c V3.10.2), SCALANCE XM400 (All versions \u003c V6.1), SCALANCE XR500 (All versions \u003c V6.1), SCALANCE W700 (All versions \u003c V6.1), SCALANCE M-800, S615 (All versions \u003c V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions \u003c V14 SP1), IE/PB-Link (All versions \u003c V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions \u003c V1.2.0), SITOP UPS1600 PROFINET (All versions \u003c V2.2.0), SIMATIC ET 200AL (All versions \u003c V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions \u003c V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions \u003c V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions \u003c V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions \u003c V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions \u003c V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions \u003c V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions \u003c V2.3), SIMATIC S7-300 incl. F and T (All versions \u003c V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions \u003c V6.0.6), SIMATIC S7-400-H V6 (All versions \u003c V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions \u003c V7.0.2), SIMATIC S7-410 (All versions \u003c V8.2), SIMATIC S7-1200 incl. F (All versions \u003c V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions \u003c V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions \u003c V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions \u003c V2.0.0), SINAMICS DCM w. PN (All versions \u003c V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions \u003c V1.2 HF 1), SINAMICS G110M w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions \u003c V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions \u003c V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS S110 w. PN (All versions \u003c V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions \u003c V4.7 HF27), and others. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens", "sources": [ { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "BID", "id": "98369" }, { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "VULHUB", "id": "VHN-110884" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-2681", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-293562", "trust": 2.6 }, { "db": "BID", "id": "98369", "trust": 2.0 }, { "db": "SECTRACK", "id": "1038463", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-17-129-02", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2017-06153", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201705-639", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004135", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-023-02", "trust": 0.3 }, { "db": "SIEMENS", "id": "SSA-284673", "trust": 0.3 }, { "db": "IVD", "id": "33467505-7492-4AE1-B978-12F61201709A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-110884", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "id": "VAR-201705-3221", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" } ], "trust": 1.4971765550000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" } ] }, "last_update_date": "2023-12-18T12:51:14.181000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-293562", "trust": 0.8, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "title": "Patch for Siemens SIMATIC HMI Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/93365" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70109" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-110884" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/98369" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038463" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2681" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2681" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02" }, { "trust": 0.3, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06153" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-110884" }, { "date": "2017-05-08T00:00:00", "db": "BID", "id": "98369" }, { "date": "2017-06-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "date": "2017-05-11T10:29:00.180000", "db": "NVD", "id": "CVE-2017-2681" }, { "date": "2017-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06153" }, { "date": "2020-09-29T00:00:00", "db": "VULHUB", "id": "VHN-110884" }, { "date": "2018-05-09T14:00:00", "db": "BID", "id": "98369" }, { "date": "2017-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "date": "2022-04-12T18:29:19.557000", "db": "NVD", "id": "CVE-2017-2681" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-639" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC HMI Denial of service vulnerability", "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-639" } ], "trust": 0.6 } }
var-201712-0703
Vulnerability from variot
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually. plural Siemens The product contains data processing vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-200Smart and others are products of Siemens AG. The Siemens SIMATICS7-200Smart is a programmable logic controller (PLC) for use in small and medium-sized automation systems. SIMATICWinACRTX2010incl is a software controller for automation solutions. A denial of service vulnerability exists in several Siemens products. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions < V8.2.1), SIMATIC S7-300 (All versions < V3.X.16), SIMATIC S7-1200 (All versions < V4.2.3), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP IM155-5 PN HF (All versions < V4.2), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN HF (All versions < V4.2.0), SIMATIC ET 200SP IM155-6 PN HA (All versions < V1.1.0), SIMATIC ET 200SP IM155-6 PN BA (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions), SIMATIC ET 200SP IM155-6 PN HS (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions < V4.2.0), SIMOCODE pro V PROFINET (All versions < V2.1.1), SIRIUS Soft Starter 3RW44 PN (All versions), SIMOCODE pro V EIP (All versions < V1.0.2). Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0703", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinamics s120", "scope": "eq", "trust": 1.9, "vendor": "siemens", "version": null }, { "model": "sinamics s150 v4.8", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44pn", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinamics s110pn", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic compact field unit", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinamics s150 v4.7", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "sinamics v90pn", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic pn\\/pn coupler", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "dk standard ethernet controller", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic compact field unit", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic pn/pn coupler", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44 pn", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.03.01" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-400h v6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.8" }, { "model": "simatic et 200sp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "sinamics g110m\\/g120pn", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-1500 controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic et 200mp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-400pn\\/dp v7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-400pn v6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.6" }, { "model": "simatic winac rtx f 2010", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simotion p", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-410 v8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simotion c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simotion d", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "ek-ertec 200 pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p p", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn v6", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn/dp v7", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400h v6", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-410 v8", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010 incl. f", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion c", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion p", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g110m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150 v4.7 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150 v4.8 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics v90 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.03.01" }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6\u003cv6.0.6" }, { "model": "simatic s7-400 h", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6" }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic s7-410", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v8" }, { "model": "simatic winac rtx incl.f", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "2010" }, { "model": "ek-ertec pn io", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "200" }, { "model": "simotion d hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.1" }, { "model": "simotion c hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.1" }, { "model": "simotion p hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.1" }, { "model": "sinamics g110m/g120 w.pn sp9 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.5" }, { "model": "sinamics s110 w.pn", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinamics s150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinamics w.pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v90" }, { "model": "simocode pro profinet", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v" }, { "model": "sinamics g130 and g150", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.5" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.4" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics gm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics dcm", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simocode pro eip", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v1.0.1" }, { "model": "simocode pro eip", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v1.0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic winac rtx f sp2", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2010" }, { "model": "simatic winac rtx sp2", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2010" }, { "model": "simatic s7-410", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "8" }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v60" }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400 h", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v60" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.8.3" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.5.0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.1.3" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.0" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.0.0" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0.3" }, { "model": "simatic s7-1200", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0.2" }, { "model": "simatic et", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2000" }, { "model": "simatic compact field unit", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.4.1" }, { "model": "profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm120 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gh150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g120p", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "sinamics g120d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "sinamics g120c", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "sinamics g120 update sp9 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g110m", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion p hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "simotion c hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "simocode pro eip", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "v1.0.2" }, { "model": "simatic s7-400 pn", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "v66.0.6" }, { "model": "simatic s7-200 smart", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx f 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400pn v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion p", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m g120pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400h v6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150 v4 7", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150 v4 8", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics v90pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic compact field unit", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic pn pn coupler", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius soft starter 3rw44pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400pn dp v7", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 410 v8", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": "2.0" } ], "sources": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "BID", "id": "101964" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.03.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400pn_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400pn_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400pn\\/dp_v7_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400pn\\/dp_v7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-410_v8_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-410_v8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_controller_firmware:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_f_2010_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_f_2010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200pn_io_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion_d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion_c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_p_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion_p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m\\/g120pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m\\/g120pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110pn_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_v4.7_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_v4.8_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_v90pn_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_v90pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_compact_field_unit_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_compact_field_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_pn\\/pn_coupler_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44pn_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-12741" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens ProductCERT reported this vulnerability to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1105" } ], "trust": 0.6 }, "cve": "CVE-2017-12741", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-12741", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2017-36884", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2df32de-39ab-11e9-b092-000c29342cb1", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-103294", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-12741", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-12741", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-36884", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201711-1105", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103294", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "VULHUB", "id": "VHN-103294" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually. plural Siemens The product contains data processing vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-200Smart and others are products of Siemens AG. The Siemens SIMATICS7-200Smart is a programmable logic controller (PLC) for use in small and medium-sized automation systems. SIMATICWinACRTX2010incl is a software controller for automation solutions. A denial of service vulnerability exists in several Siemens products. \nAttackers can exploit this issue to crash the affected device, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-200 Smart (All versions \u003c V2.03.01), SIMATIC S7-400 PN V6 (All versions \u003c V6.0.6), SIMATIC S7-400 H V6 (All versions \u003c V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions \u003c V7.0.2), SIMATIC S7-410 V8 (All versions \u003c V8.2.1), SIMATIC S7-300 (All versions \u003c V3.X.16), SIMATIC S7-1200 (All versions \u003c V4.2.3), SIMATIC S7-1500 (All versions \u003c V2.0), SIMATIC S7-1500 Software Controller (All versions \u003c V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions \u003c V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions \u003c V4.1), SIMATIC ET 200MP IM155-5 PN HF (All versions \u003c V4.2), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN HF (All versions \u003c V4.2.0), SIMATIC ET 200SP IM155-6 PN HA (All versions \u003c V1.1.0), SIMATIC ET 200SP IM155-6 PN BA (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions), SIMATIC ET 200SP IM155-6 PN HS (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions \u003c V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions \u003c V4.5), SIMOTION D (All versions \u003c V5.1 HF1), SIMOTION C (All versions \u003c V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions \u003c V4.5 HF5), SIMOTION P V5 (All versions \u003c V5.1 HF1), SINAMICS DCM w. PN (All versions \u003c V1.2 HF2), SINAMICS G110M w. PN (All versions \u003c V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions \u003c V4.2.0), SIMOCODE pro V PROFINET (All versions \u003c V2.1.1), SIRIUS Soft Starter 3RW44 PN (All versions), SIMOCODE pro V EIP (All versions \u003c V1.0.2). Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system", "sources": [ { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "BID", "id": "101964" }, { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-103294" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12741", "trust": 3.6 }, { "db": "BID", "id": "101964", "trust": 2.6 }, { "db": "ICS CERT", "id": "ICSA-17-339-01", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-346262", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-546832", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-141614", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-18-128-01", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-19-099-01", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201711-1105", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-36884", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011798", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1206", "trust": 0.6 }, { "db": "IVD", "id": "E2DF32DE-39AB-11E9-B092-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103294", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "VULHUB", "id": "VHN-103294" }, { "db": "BID", "id": "101964" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "id": "VAR-201712-0703", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "VULHUB", "id": "VHN-103294" } ], "trust": 1.5574432950000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" } ] }, "last_update_date": "2023-12-18T12:51:14.227000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-346262", "trust": 0.8, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf" }, { "title": "Patches for multiple Siemens product denial of service vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/109849" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76771" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103294" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.securityfocus.com/bid/101964" }, { "trust": 2.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-339-01" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" }, { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-128-01" }, { "trust": 0.9, "url": "http://www.siemens.com/" }, { "trust": 0.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-01" }, { "trust": 0.9, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf" }, { "trust": 0.9, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-546832.txt" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12741" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-01" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12741" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78750" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-339-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "VULHUB", "id": "VHN-103294" }, { "db": "BID", "id": "101964" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-36884" }, { "db": "VULHUB", "id": "VHN-103294" }, { "db": "BID", "id": "101964" }, { "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "db": "NVD", "id": "CVE-2017-12741" }, { "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-12T00:00:00", "db": "IVD", "id": "e2df32de-39ab-11e9-b092-000c29342cb1" }, { "date": "2017-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2017-36884" }, { "date": "2017-12-26T00:00:00", "db": "VULHUB", "id": "VHN-103294" }, { "date": "2017-11-23T00:00:00", "db": "BID", "id": "101964" }, { "date": "2018-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "date": "2017-12-26T04:29:13.707000", "db": "NVD", "id": "CVE-2017-12741" }, { "date": "2017-11-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2017-36884" }, { "date": "2020-08-14T00:00:00", "db": "VULHUB", "id": "VHN-103294" }, { "date": "2019-04-10T07:00:00", "db": "BID", "id": "101964" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011798" }, { "date": "2022-02-09T16:15:08.687000", "db": "NVD", "id": "CVE-2017-12741" }, { "date": "2022-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1105" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1105" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Siemens Data processing vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011798" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1105" } ], "trust": 0.6 } }
var-201705-3220
Vulnerability from variot
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\" PROFINET prior to V01.01.01; Extension Unit 15\" PROFINET prior to V01.01.01; Extension Unit 19\" PROFINET prior to V01.01.01; Extension Unit 22\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3220", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic dk-16xx pn io", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf685r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf650r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance xr500", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance xm400", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance w700", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics gm150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "4.7" }, { "model": "simatic dk-1604 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp 343-1 adv", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.8" }, { "model": "simatic cp 1243-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "sinamics g120\\ w. pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "sirius act 3su1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic rf680r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200al", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.2" }, { "model": "simatic cp 443-1 adv", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "scalance x414", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.10.2" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics gl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "softnet profinet io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "sinamics s110 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic s7-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.6" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ups1600 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.0" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "simotion", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics gm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "dk standard ethernet controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1242-7 gprs", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1542sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "extension unit 22 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic s7-200 smart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics sm120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "ek-ertec 200p pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "simatic tdc cpu555", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.1" }, { "model": "sinamics s110 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic cp 1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance w700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sinamics gl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sirius motor starter m200d profinet", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "softnet profinet io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1243-7 lte\\/us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "simatic et 200sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi multi panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "simocode pro v profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.0" }, { "model": "sinamics gh150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic hmi mobile panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic rf650r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic teleservice adapter ie basic", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1243-8", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics g150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sm120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic cp 1626", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic cp 343-1 lean", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "ie\\/pb-link", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance x200 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.4.0" }, { "model": "pn\\/pn coupler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic cp 1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "ie\\/as-i link pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf685r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics g120\\ w. pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics v90 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.01" }, { "model": "extension unit 19 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic cp 443-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "simatic teleservice adapter ie standard", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "extension unit 15 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic dk-1616 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "scalance x200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.2" }, { "model": "simatic s7-1200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "simatic hmi comfort panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "simatic cp 343-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "simotion", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "scalance x408", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "extension unit 12 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic s7-1500 software controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "sitop psu8600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2.0" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200mp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0.1" }, { "model": "simatic teleservice adapter ie advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cm 1542-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic winac rtx", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200 pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/as-i link pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/pb-link", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "pn/pn coupler", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200 irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x408", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x414", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 lean", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi multi panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie advanced", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie basic", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter standard modem", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g110m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g120 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics v90 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius act 3su1 interface module profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius motor starter m200d profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44 pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop psu8600", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop ups1600 profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "for pc-based windows systems firmware" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1616" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1604" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1" }, { "model": "simatic cm", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1542-1" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp opc-ua", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp lean", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x408" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x414" }, { "model": "scalance irt", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x200" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x200" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x300" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": "ups1600 profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop psu8600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius act 3su1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.5" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.4" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-200 smart", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf685r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2000" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16260" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16160" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16040" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-80" }, { "model": "simatic cp lte eu/us", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-70" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-10" }, { "model": "simatic cp gprs", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1242-7v20" }, { "model": "scalance xr500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance xm400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4140" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4084.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4083.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x3000" }, { "model": "scalance irt", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.4" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.5.4" }, { "model": "scalance s615", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "ie/as-i link pn io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "19?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12?0" }, { "model": "e/pb-link", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gh150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "simatic rf685r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf680r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "16162.7" }, { "model": "simatic cp 1604d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp irc", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-82.1.82" }, { "model": "simatic cp lte eu/us", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-72.1.82" }, { "model": "simatic cp gprs", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1242-7v22.1.82" }, { "model": "simatic rf650r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "443-13.2.17" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15431.2.1" }, { "model": "simatic cm1542", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.2" }, { "model": "scalance w700", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "6.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "19?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "12?1.1.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1 irc", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543sp 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf650r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf680r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf685r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1616", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1604", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic dk 16xx pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 lean", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200 irt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x408", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x414", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xm400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance w700", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance m 800", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s615", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softnet profinet io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie pb link", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie as i link pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter standard modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie basic modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie advanced modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop psu8600", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ups1600 profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "pn pn coupler", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200 pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 200 smart", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius act 3su1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius soft starter 3rw44 pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius motor starter m200d profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 opc ua", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120 c p d w pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics v90 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1243 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi multi panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi mobile panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cm 1542 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1", "version": null } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-1616_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-1616_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:4.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:_s110_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-1604_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-1604_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_12_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_12_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_15_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_15_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_19_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_19_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_22_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_22_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-2680" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.", "sources": [ { "db": "BID", "id": "98369" } ], "trust": 0.3 }, "cve": "CVE-2017-2680", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2680", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2017-06151", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-110883", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2680", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-2680", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-06151", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201705-574", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-110883", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\\\" PROFINET prior to V01.01.01; Extension Unit 15\\\" PROFINET prior to V01.01.01; Extension Unit 19\\\" PROFINET prior to V01.01.01; Extension Unit 22\\\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version", "sources": [ { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "BID", "id": "98369" }, { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "VULHUB", "id": "VHN-110883" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-2680", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-18-023-02", "trust": 2.8 }, { "db": "SIEMENS", "id": "SSA-293562", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-284673", "trust": 2.0 }, { "db": "BID", "id": "98369", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-546832", "trust": 1.7 }, { "db": "SECTRACK", "id": "1038463", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-17-129-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201705-574", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-06151", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-128-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004134", "trust": 0.8 }, { "db": "IVD", "id": "296C9514-B30D-4FA5-BCDC-9D8B2E9620C4", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-99023", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-110883", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "id": "VAR-201705-3220", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" } ], "trust": 1.5351787667924528 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" } ] }, "last_update_date": "2023-12-18T12:51:14.128000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-293562", "trust": 0.8, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "title": "Patch for a number of Siemens products with a denial of service vulnerability (CNVD-2017-06151)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/93364" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70052" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-110883" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02" }, { "trust": 2.0, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/98369" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038463" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02" }, { "trust": 0.9, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2680" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-128-01" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2680" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06151" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-110883" }, { "date": "2017-05-08T00:00:00", "db": "BID", "id": "98369" }, { "date": "2017-06-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "date": "2017-05-11T01:29:05.400000", "db": "NVD", "id": "CVE-2017-2680" }, { "date": "2017-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06151" }, { "date": "2020-09-29T00:00:00", "db": "VULHUB", "id": "VHN-110883" }, { "date": "2018-05-09T14:00:00", "db": "BID", "id": "98369" }, { "date": "2018-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "date": "2022-04-12T18:29:01.937000", "db": "NVD", "id": "CVE-2017-2680" }, { "date": "2022-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-574" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Siemens Service disruption in products (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004134" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-574" } ], "trust": 0.6 } }
var-201812-0461
Vulnerability from variot
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. And integrity. A heap based buffer-overflow vulnerability. 2. An integer overflow vulnerability. 3. A security bypass vulnerability. 4. An arbitrary code execution vulnerability. 5. Multiple privilege escalation vulnerabilities. 6. A stack based buffer-overflow vulnerability. 7. A buffer-overflow vulnerability. 8. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0461", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 840d sl v4.8", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d v4.7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 828d v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d v4.8", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl v4.7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 840d sp6 hf5", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 840d sp3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.8" }, { "model": "sinumerik 828d sp6 hf1", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.7" }, { "model": "sinumerik 808d v4.8", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 808d v4.7", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl v4.8", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl v4.7", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 808d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl sp3", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinumerik 840d sl sp6 hf5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d sp6 hf1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 808d v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 840d sl v4 8", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik 828d v4 7", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-11466" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anton Kalinin, Danila Parnishchev, Dmitry Sklyar, Gleb Gritsai, Kirill Nesterov, Radu Motspan, and Sergey Sidorov from Kaspersky Lab.", "sources": [ { "db": "BID", "id": "106185" } ], "trust": 0.3 }, "cve": "CVE-2018-11466", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-11466", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-25423", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-121328", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-11466", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-11466", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-25423", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-607", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-121328", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "VULHUB", "id": "VHN-121328" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINUMERIK 808D , SINUMERIK 828D , SINUMERIK 840D sl Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SINUMERIK 808D is a CNC machine system controller from Siemens AG. Security vulnerabilities exist in several Siemens products. And integrity. A heap based buffer-overflow vulnerability. \n2. An integer overflow vulnerability. \n3. A security bypass vulnerability. \n4. An arbitrary code execution vulnerability. \n5. Multiple privilege escalation vulnerabilities. \n6. A stack based buffer-overflow vulnerability. \n7. A buffer-overflow vulnerability. \n8. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device, gain host privileges and perform unauthorized actions, to modify or destroy data without having proper authorization to do so, to bypass security restrictions or cause a denial-of-service condition. Siemens SINUMERIK 808D, etc", "sources": [ { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "BID", "id": "106185" }, { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-121328" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-11466", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-170881", "trust": 2.6 }, { "db": "BID", "id": "106185", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-18-345-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201812-607", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-25423", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013320", "trust": 0.8 }, { "db": "IVD", "id": "7D847EF2-463F-11E9-B6C1-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121328", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "VULHUB", "id": "VHN-121328" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "id": "VAR-201812-0461", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "VULHUB", "id": "VHN-121328" } ], "trust": 1.7086762260000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" } ] }, "last_update_date": "2023-12-18T12:00:50.969000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-170881", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "title": "Patches for multiple Siemens product remote code execution vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/147347" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87852" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106185" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-345-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11466" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11466" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://www.industry.siemens.com/topics/global/en/cnc4you/cnc_downloads/sinutrain_downloads/pages/sinutrain_downloads.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "VULHUB", "id": "VHN-121328" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-25423" }, { "db": "VULHUB", "id": "VHN-121328" }, { "db": "BID", "id": "106185" }, { "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "db": "NVD", "id": "CVE-2018-11466" }, { "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-14T00:00:00", "db": "IVD", "id": "7d847ef2-463f-11e9-b6c1-000c29342cb1" }, { "date": "2018-12-14T00:00:00", "db": "CNVD", "id": "CNVD-2018-25423" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-121328" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-02-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "date": "2018-12-12T16:29:00.700000", "db": "NVD", "id": "CVE-2018-11466" }, { "date": "2018-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-15T00:00:00", "db": "CNVD", "id": "CNVD-2018-25423" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-121328" }, { "date": "2018-12-11T00:00:00", "db": "BID", "id": "106185" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013320" }, { "date": "2019-10-09T23:33:34.290000", "db": "NVD", "id": "CVE-2018-11466" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-607" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-607" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SINUMERIK Access control vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013320" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-607" } ], "trust": 0.6 } }