Vulnerabilites related to siemens - simatic_s7-300_cpu_319-3_pn\/dp
cve-2016-9159
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.
References
http://www.securityfocus.com/bid/94820vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037434vdb-entry, x_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05x_refsource_MISC
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-300 CPU family Version: All versions
Siemens AG SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 V6 and earlier CPU family Version: All versions
Siemens AG SIMATIC S7-400 V7 CPU family Version: All versions
Siemens AG SIMATIC S7-410 V8 CPU family Version: All versions
Siemens AG SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) Version: All versions
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94820"
          },
          {
            "name": "1037434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V6 and earlier CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V7 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-410 V8 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T19:16:14",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "94820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94820"
        },
        {
          "name": "1037434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V6 and earlier CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V7 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-410 V8 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94820"
            },
            {
              "name": "1037434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037434"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2016-9159",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9158
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
References
http://www.securityfocus.com/bid/94820vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037434vdb-entry, x_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05x_refsource_MISC
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-300 CPU family Version: All versions
Siemens AG SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
Siemens AG SIMATIC S7-400 V6 and earlier CPU family Version: All versions
Siemens AG SIMATIC S7-400 V7 CPU family Version: All versions
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94820"
          },
          {
            "name": "1037434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V6 and earlier CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V7 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T19:16:14",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "94820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94820"
        },
        {
          "name": "1037434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V6 and earlier CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V7 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94820"
            },
            {
              "name": "1037434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037434"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2016-9158",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-13940
Vulnerability from cvelistv5
Published
2020-02-11 15:36
Modified
2024-08-05 00:05
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf
Impacted products
Vendor Product Version
Siemens SIMATIC ET 200pro IM154-8 PN/DP CPU Version: All versions < V3.X.17
Siemens SIMATIC ET 200pro IM154-8F PN/DP CPU Version: All versions < V3.X.17
Siemens SIMATIC ET 200pro IM154-8FX PN/DP CPU Version: All versions < V3.X.17
Siemens SIMATIC ET 200S IM151-8 PN/DP CPU Version: All versions < V3.X.17
Siemens SIMATIC ET 200S IM151-8F PN/DP CPU Version: All versions < V3.X.17
Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants) Version: All versions < V4.1
Siemens SIMATIC S7-300 CPU 314C-2 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 315-2 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 315F-2 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 315T-3 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 317-2 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 317F-2 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 317T-3 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 319-3 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-300 CPU 319F-3 PN/DP Version: All versions < V3.X.17
Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
Siemens SIMATIC WinAC RTX 2010 Version: All versions
Siemens SIMATIC WinAC RTX F 2010 Version: All versions
Siemens SIPLUS ET 200S IM151-8 PN/DP CPU Version: All versions < V3.X.17
Siemens SIPLUS ET 200S IM151-8F PN/DP CPU Version: All versions < V3.X.17
Siemens SIPLUS S7-300 CPU 314C-2 PN/DP Version: All versions < V3.X.17
Siemens SIPLUS S7-300 CPU 315-2 PN/DP Version: All versions < V3.X.17
Siemens SIPLUS S7-300 CPU 315F-2 PN/DP Version: All versions < V3.X.17
Siemens SIPLUS S7-300 CPU 317-2 PN/DP Version: All versions < V3.X.17
Siemens SIPLUS S7-300 CPU 317F-2 PN/DP Version: All versions < V3.X.17
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.X.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server\r\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\r\n\r\nBeyond the web service, no other functions or interfaces are affected by the denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T11:39:13.999Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-13940",
    "datePublished": "2020-02-11T15:36:10",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-08-05T00:05:44.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 04:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfVendor Advisory
Impacted products
Vendor Product Version
siemens s7-1200_cpu_1211c_firmware *
siemens s7-1200_cpu_1211c -
siemens s7-1200_cpu_1212c_firmware *
siemens s7-1200_cpu_1212c -
siemens s7-1200_cpu_1214c_firmware *
siemens s7-1200_cpu_1214c -
siemens s7-1200_cpu_1215c_firmware *
siemens s7-1200_cpu_1215c -
siemens s7-1200_cpu_1217c_firmware *
siemens s7-1200_cpu_1217c -
siemens s7-1200_cpu_1212fc_firmware *
siemens s7-1200_cpu_1212fc -
siemens s7-1200_cpu_1214fc_firmware *
siemens s7-1200_cpu_1214fc -
siemens s7-1200_cpu_1215fc_firmware *
siemens s7-1200_cpu_1215fc -
siemens siplus_s7-1200_firmware *
siemens siplus_s7-1200 -
siemens siplus_cpu_1211c_firmware *
siemens siplus_cpu_1211c -
siemens siplus_cpu_1212c_firmware *
siemens siplus_cpu_1212c -
siemens siplus_cpu_1214c_firmware *
siemens siplus_cpu_1214c -
siemens siplus_cpu_1215c_firmware *
siemens siplus_cpu_1215c -
siemens simatic_s7-300_cpu_319-3_pn\/dp_firmware *
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens simatic_s7-300_cpu_315-2dp_firmware *
siemens simatic_s7-300_cpu_315-2dp -
siemens simatic_s7-300_cpu_315-2_pn\/dp_firmware *
siemens simatic_s7-300_cpu_315-2_pn\/dp -
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens simatic_s7-300_cpu_317-2_dp -
siemens simatic_s7-300_cpu_317-2_pn\/dp_firmware *
siemens simatic_s7-300_cpu_317-2_pn\/dp -
siemens simatic_s7-300_cpu_319-3_pn\/dp_firmware *
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens siplus_s7-300_cpu_314_firmware *
siemens siplus_s7-300_cpu_314 -
siemens siplus_s7-300_cpu_315-2_dp_firmware *
siemens siplus_s7-300_cpu_315-2_dp -
siemens siplus_s7-300_cpu_315-2_pn\/dp_firmware *
siemens siplus_s7-300_cpu_315-2_pn\/dp -
siemens siplus_s7-300_cpu_317-2_pn\/dp_firmware *
siemens siplus_s7-300_cpu_317-2_pn\/dp v6
siemens simatic_s7-400_pn\/dp_cpu_firmware *
siemens simatic_s7-400_pn\/dp_cpu v7
siemens simatic_winac_rtx_\(f\)_2010 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9437AAD-4048-40DD-9744-E1D6D674F6E0",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C1E689-5C2F-4EA6-8908-F4DE80F0DC15",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3819941-7F6C-44F0-A91D-76AA0EF80108",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F64C2324-903C-4D44-A882-DAFAC6D72A41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E3D84C-3367-4B6F-BF7C-DD4D2C91D79A",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C0D9EA6-F503-4EF3-A59E-E9DD27194C6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC7EE33-D833-4D19-82B7-02D0A8DA99C5",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1885A3FE-DB40-47B7-AC89-1D778F702E2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "057D3C0B-19CB-4CEE-9CE1-75F1E2B9F7B6",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66C66F8-8A06-4BA0-A2E2-82889778C0FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21ACBE3A-6B9B-47E0-AF50-95E5FF17F811",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D5089B-413A-4829-A035-8E2852C41291",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A80C325-BA66-413E-AB52-E75AE78E14B9",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72240379-74FC-4C3C-A31B-BFEEADB8FFFD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23DD97D0-C6DC-4745-AA0A-1F636B5B805C",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B5BEF3-84FF-4D05-A010-94A8E2593E2E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-1200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5091C8D1-D15F-4632-95B9-5D7811CE6554",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108670FB-BE27-4961-8CCB-07E1FF93624D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B091889A-AC6B-4301-815C-530F1D6D5238",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_cpu_1211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "658D85DE-D124-4452-8540-D0A165FF79EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB20B434-8AA7-4DFC-9C7B-2C778C54D9D3",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_cpu_1212c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7AE1F6-A1D2-40AF-BDDD-5D3913D75833",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4C79E6-052B-47F2-BCDA-D8A792B7D0EE",
              "versionEndIncluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_cpu_1214c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC520E65-87BF-41FB-BE5B-0D309F42FD50",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C742F31E-66A8-4781-A4EF-881C4E45190E",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_cpu_1215c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E0984-9116-4928-ABD0-12FC92079B22",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1557AE-0F0A-4EA8-AE26-779E8C98336F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB6DA13-FD4E-4168-A08A-00547E656CA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4309A70D-5C4C-4F03-A5C6-1735AEE0E410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3677E3F-ABFE-4D77-96CF-68E58FF45CF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B922AD6-819B-4D7F-A31A-E4D39CE8DC6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F00AE1-D55A-4C7C-A421-2B89BDFE4C9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94629F5-6569-406C-8E8E-990F2E21B0A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D038857-CED3-4312-9B86-36DC10A0398F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B093DE9C-1E39-4CF3-89B9-6A2B678A477E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC6FF34-3155-4CF8-88D5-4EAE00B32163",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3844D023-F67B-41B4-8B9E-EAF8B79E9209",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_317-2_pn\\/dp:v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5CDFEA-E5F2-419F-A1B3-D98C44D38D84",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_cpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ECD08DA-16E8-4C33-A07B-DA1EACADAF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_cpu:v7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A07D125-F671-40E6-8E9C-6E13F7E00ADD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_winac_rtx_\\(f\\)_2010:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5537D556-046A-444A-9AB6-B4F9AA121CF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server\r\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\r\n\r\nBeyond the web service, no other functions or interfaces are affected by the denial of service condition."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-1200 (incluidas las variantes SIPLUS) (Todas las versiones anteriores a V4.1), la familia de CPUs SIMATIC S7-300 PN/DP (incluidas las CPUs ET200 relacionadas y las variantes SIPLUS) (Todas las versiones anteriores a V3.X.17 ), familia de CPU SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS) (Todas las versiones), familia de CPU SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones). Los dispositivos afectados contienen una vulnerabilidad que podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio del servidor web mediante el env\u00edo de peticiones HTTP especialmente dise\u00f1adas a los puertos 80/tcp y 443/tcp. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso a la red de un dispositivo afectado. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario. Un atacante podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del servidor web del dispositivo. Aparte del servicio web, no hay otras funciones o interfaces afectadas por la condici\u00f3n de denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2019-13940",
  "lastModified": "2024-11-21T04:25:44.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-11T16:15:14.773",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.
References
productcert@siemens.comhttp://www.securityfocus.com/bid/94820
productcert@siemens.comhttp://www.securitytracker.com/id/1037434
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
productcert@siemens.comhttps://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
productcert@siemens.comhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94820
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037434
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
af854a3a-2127-422b-91ae-364da2661108https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
Impacted products
Vendor Product Version
siemens simatic_s7-300_cpu_firmware -
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn\/dp -
siemens simatic_s7-300_cpu_317-_2_dp -
siemens simatic_s7-300_cpu_317-2_pn\/dp -
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-400_cpu_412-1 -
siemens simatic_s7-400_cpu_412-2 -
siemens simatic_s7-400_cpu_412-2_pn -
siemens simatic_s7-400_cpu_414-2 -
siemens simatic_s7-400_cpu_414-3 -
siemens simatic_s7-400_cpu_414-3_pn\/dp -
siemens simatic_s7-400_cpu_416-2 -
siemens simatic_s7-400_cpu_416-3 -
siemens simatic_s7-400_cpu_416-3_pn\/dp -
siemens simatic_s7-400_cpu_416f-2 -
siemens simatic_s7-400_cpu_416f-3_pn\/dp -
siemens simatic_s7-400_cpu_417-4 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76189399-9032-4695-A976-8415E26B0DB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5065F-C0B9-4427-A9D2-072AFF3FCA69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EBD5F0-16A6-466B-80E5-B95DDBDE2FA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6498C679-46A3-4F87-9278-F64D2194E1F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F8C306-45F5-429B-B932-0278A9B909B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E162F8-B37A-4FFA-A523-FA6227372D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD1CA5C-F729-4311-9E78-156BB6DE31A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E69856-A628-4B9D-9184-7FB9A924193E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EC8F19-313A-4C74-A68A-AAC320B123CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "195259DF-8ABE-47A9-9A13-6BDAA25AA898",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3412299F-5778-4290-A80C-29BC6F46F701",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC41E925-88AF-4D33-AC49-CE5FEAAF2105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61363AEF-CBDB-4405-A605-4997798D38D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFC71AB-3ACF-4E7E-B83E-31E02DEBDA48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "711A91B2-EB16-418B-AA63-56DFD40075D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPU SIMATIC S7-300 (todas las versiones), la familia de CPU SIMATIC S7-300 (incluidas las CPU ET200 relacionadas y las variantes SIPLUS) (todas las versiones), SIMATIC S7-400 PN / DP V6 y familias de CPU inferiores (incl. variantes SIPLUS) (todas las versiones), familia de CPU SIMATIC S7-400 PN / DP V7 (incl. variantes SIPLUS) (todas las versiones), SIMATIC S7-400 V6 y familia de CPU anterior (todas las versiones), SIMATIC S7-400 Familia de CPU V7 (todas las versiones), familia de CPU SIMATIC S7-410 V8 (todas las versiones), familia de CPU SIMATIC S7-410 V8 (incluidas las variantes SIPLUS) (todas las versiones). Un atacante con acceso de red al puerto 102 / tcp (ISO-TSAP) o a trav\u00e9s de Profibus podr\u00eda obtener credenciales del PLC si el nivel de protecci\u00f3n 2 est\u00e1 configurado en los dispositivos afectados."
    }
  ],
  "id": "CVE-2016-9159",
  "lastModified": "2024-11-21T03:00:43.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.233",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:00
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
References
productcert@siemens.comhttp://www.securityfocus.com/bid/94820
productcert@siemens.comhttp://www.securitytracker.com/id/1037434
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
productcert@siemens.comhttps://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
productcert@siemens.comhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94820
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037434
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
af854a3a-2127-422b-91ae-364da2661108https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
Impacted products
Vendor Product Version
siemens simatic_s7-300_cpu_firmware -
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn\/dp -
siemens simatic_s7-300_cpu_317-_2_dp -
siemens simatic_s7-300_cpu_317-2_pn\/dp -
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-400_cpu_412-1 -
siemens simatic_s7-400_cpu_412-2 -
siemens simatic_s7-400_cpu_412-2_pn -
siemens simatic_s7-400_cpu_414-2 -
siemens simatic_s7-400_cpu_414-3 -
siemens simatic_s7-400_cpu_414-3_pn\/dp -
siemens simatic_s7-400_cpu_416-2 -
siemens simatic_s7-400_cpu_416-3 -
siemens simatic_s7-400_cpu_416-3_pn\/dp -
siemens simatic_s7-400_cpu_416f-2 -
siemens simatic_s7-400_cpu_416f-3_pn\/dp -
siemens simatic_s7-400_cpu_417-4 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76189399-9032-4695-A976-8415E26B0DB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5065F-C0B9-4427-A9D2-072AFF3FCA69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EBD5F0-16A6-466B-80E5-B95DDBDE2FA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6498C679-46A3-4F87-9278-F64D2194E1F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F8C306-45F5-429B-B932-0278A9B909B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E162F8-B37A-4FFA-A523-FA6227372D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD1CA5C-F729-4311-9E78-156BB6DE31A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E69856-A628-4B9D-9184-7FB9A924193E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EC8F19-313A-4C74-A68A-AAC320B123CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "195259DF-8ABE-47A9-9A13-6BDAA25AA898",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3412299F-5778-4290-A80C-29BC6F46F701",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC41E925-88AF-4D33-AC49-CE5FEAAF2105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61363AEF-CBDB-4405-A605-4997798D38D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFC71AB-3ACF-4E7E-B83E-31E02DEBDA48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "711A91B2-EB16-418B-AA63-56DFD40075D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPU SIMATIC S7-300 (todas las versiones), la familia de CPU SIMATIC S7-300 (incluidas las CPU ET200 relacionadas y las variantes SIPLUS) (todas las versiones), SIMATIC S7-400 PN / DP V6 y familias de CPU inferiores (incl. variantes SIPLUS) (todas las versiones), familia de CPU SIMATIC S7-400 PN / DP V7 (incl. variantes SIPLUS) (todas las versiones), SIMATIC S7-400 V6 y familia de CPU anterior (todas las versiones), SIMATIC S7-400 Familia de CPU V7 (todas las versiones). Los paquetes especialmente dise\u00f1ados enviados al puerto 80 / tcp podr\u00edan hacer que los dispositivos afectados entren en modo defectuoso. Se requiere un reinicio en fr\u00edo para recuperar el sistema."
    }
  ],
  "id": "CVE-2016-9158",
  "lastModified": "2024-11-21T03:00:43.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.187",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}