var-201812-0392
Vulnerability from variot

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU.

Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input validation vulnerability exists in the Siemens SIMATIC S7-400. An attacker could exploit the vulnerability by sending a specially crafted packet to the TCP port 102. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known. The vulnerability stems from the failure of the network system or product to properly validate the input data

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0392",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic s7-410",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "siemens",
        "version": "8.2.1"
      },
      {
        "model": "simatic s7-400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v6.0"
      },
      {
        "model": "simatic s7-400h",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v4.5"
      },
      {
        "model": "simatic s7-400 pn\\/dp v7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-400h",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.9"
      },
      {
        "model": "simatic s7-400h",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.0.0"
      },
      {
        "model": "simatic s7-400 pn/dp v7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6"
      },
      {
        "model": "simatic s7-400h v6",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-400h",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "s7-400",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "\u003c=6"
      },
      {
        "model": "s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "s7-400h",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "\u003c=4.5"
      },
      {
        "model": "s7-400h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6"
      },
      {
        "model": "s7-410",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "8.2.1"
      },
      {
        "model": "simatic s7-410",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic s7-410",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8"
      },
      {
        "model": "simatic s7-400h cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.5"
      },
      {
        "model": "simatic s7-400 pn/dp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "simatic s7-400 h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v60"
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "simatic s7-400 cpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "simatic s7-410",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400 pn dp v7",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400h",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 410",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic s7 400h v6",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "BID",
        "id": "107309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "v6.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v7_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_v7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "v4.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.0.9",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CNCERT/CC",
    "sources": [
      {
        "db": "BID",
        "id": "107309"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-16557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-16557",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-23893",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7d803931-463f-11e9-a595-000c29342cb1",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-126928",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-16557",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-16557",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2018-16557",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-23893",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-490",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d803931-463f-11e9-a595-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126928",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in  SIMATIC S7-400 CPU 412-1 DP V7 (All versions),  SIMATIC S7-400 CPU 412-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-2 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 DP V7 (All versions),  SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 DP V7 (All versions),  SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 416F-2 DP V7 (All versions),  SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions \u003c V7.0.3),  SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions \u003c V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions \u003c V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions \u003c V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions \u003c V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU. \r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required. \r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input validation vulnerability exists in the Siemens SIMATIC S7-400. An attacker could exploit the vulnerability by sending a specially crafted packet to the TCP port 102. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. \nRemote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known. The vulnerability stems from the failure of the network system or product to properly validate the input data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "BID",
        "id": "107309"
      },
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16557",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-317-02",
        "trust": 2.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-113131",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "107309",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7D803931-463F-11E9-A595-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "db": "BID",
        "id": "107309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "id": "VAR-201812-0392",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      }
    ],
    "trust": 1.7068722928571431
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:00:51.217000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-113131",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
      },
      {
        "title": "SiemensSIMATICS7-400 input verification vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/145251"
      },
      {
        "title": "Siemens SIMATIC S7-400 Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86890"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-347",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-02"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16557"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16557"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "db": "BID",
        "id": "107309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "db": "BID",
        "id": "107309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-23T00:00:00",
        "db": "IVD",
        "id": "7d803931-463f-11e9-a595-000c29342cb1"
      },
      {
        "date": "2018-11-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "107309"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "date": "2018-12-13T16:29:00.507000",
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "date": "2018-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-23893"
      },
      {
        "date": "2023-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126928"
      },
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "107309"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      },
      {
        "date": "2023-05-09T13:15:12.410000",
        "db": "NVD",
        "id": "CVE-2018-16557"
      },
      {
        "date": "2023-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SIMATIC Vulnerability related to input validation in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014531"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-490"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.