CVE-2018-16556

Published: Dic 13, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2018-8363 Aliases: GSD-2018-16556

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

HIGH 7,8

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: none

Integrity: none

Availability: complete

Description

AI Translation Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.

Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.

AI Generated Translation

È stata identificata una vulnerabilità in SIMATIC S7-400 CPU 412-1 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 412-2 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 414-2 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 414-3 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 414-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 416-3 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 416-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (Tutte le versioni), SIMATIC S7-400 CPU 412-2 PN V7 (Tutte le versioni < V7.0.3), famiglia CPU SIMATIC S7-400 H V4.5 e inferiori (incluse varianti SIPLUS) (Tutte le versioni), famiglia CPU SIMATIC S7-400 H V6 (incluse varianti SIPLUS) (Tutte le versioni < V6.0.9), famiglia CPU SIMATIC S7-400 PN/DP V6 e inferiori (incluse varianti SIPLUS) (Tutte le versioni), famiglia CPU SIMATIC S7-410 (incluse varianti SIPLUS) (Tutte le versioni < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (Tutte le versioni < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (Tutte le versioni), SIPLUS S7-400 CPU 417-4 V7 (Tutte le versioni). Packet appositamente creati inviati alla porta 102/tcp tramite interfaccia Ethernet, PROFIBUS o Multi Point Interfaces (MPI) potrebbero causare il blocco dei dispositivi interessati. È necessario un riavvio manuale per ripristinare il normale funzionamento.

Lo sfruttamento con successo richiede che un attaccante possa inviare pacchetti appositamente creati alla porta 102/tcp tramite interfaccia Ethernet, PROFIBUS o Multi Point Interfaces (MPI). Non sono richieste interazioni o privilegi utente per sfruttare la vulnerabilità di sicurezza. La vulnerabilità potrebbe consentire di causare una condizione di denial of service delle funzionalità principali della CPU, compromettendo la disponibilità del sistema.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0019

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

Improper Input Validation

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality Integrity

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Operating System

Simatic S7-410 Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-410 Firmware

Version Range Affected

To 8.2.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Simatic S7-400H Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-400H Firmware

Version Range Affected

To v4.5 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Simatic S7-400 Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-400 Firmware

Version Range Affected

To v6.0 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Simatic S7-400H V6 Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-400H V6 Firmware

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Simatic S7-400 Pn\/Dp V7 Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-400 Pn\/Dp V7 Firmware

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_v7_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.…

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.…

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

CVE-2018-16556

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Input Validation

Common Consequences

Applicable Platforms

Simatic S7-410 Firmware by Siemens

Product Information

Simatic S7-400H Firmware by Siemens

Product Information

Simatic S7-400 Firmware by Siemens

Product Information

Simatic S7-400H V6 Firmware by Siemens

Product Information

Simatic S7-400 Pn\/Dp V7 Firmware by Siemens

Product Information

Iscriviti alla newsletter