Details of VAR-201207-0137

ID

VAR-201207-0137

CVE

CVE-2012-3016

TITLE

Siemens SIMATIC S7-400 PN CPU Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-003429

DESCRIPTION

Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. Siemens SIMATIC is an automation software in a single engineering environment. There is a security hole in SIEMENS SIMATIC S7-400. Since the Ethernet port on the SIMATIC S7-400 V6 receives a malformed IP packet, the device enters the Defect mode. The SIMATIC S7-400 V6 CPU defect mode locks the unit and therefore cannot be processed for process control. The attacker can exploit this vulnerability. Conduct a denial of service attack. SIEMENS SIMATIC S7-400 is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Siemens SIMATIC S7-400 Products ICMP Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA50115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50115 RELEASE DATE: 2012-07-31 DISCUSS ADVISORY: http://secunia.com/advisories/50115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in some Siemens SIMATIC S7-400 products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in firmware versions 6.0.1 and 6.0.2 in the following products: * CPU 412-2 PN (6ES7412-2EK06-0AB0) * CPU 414-3 PN/DP (6ES7414-3EM06-0AB0) * CPU 414F-3 PN/DP (6ES7414-3FM06-0AB0) * CPU 416-3 PN/DP (6ES7416-3ES06-0AB0) * CPU 416F-3 PN (6ES7416-3FS06-0AB0) SOLUTION: Update to firmware version 6.0.3 (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: The vendor credits ICS-CERT. ORIGINAL ADVISORY: SSA-589272: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-589272.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3016 // JVNDB: JVNDB-2012-003429 // CNVD: CNVD-2012-4031 // BID: 54730 // IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56297 // PACKETSTORM: 115158

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4031

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	siemens	model:	simatic s7-400 cpu 414-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 416f-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 412-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 414f-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 416-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 412-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 414-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 414f-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416f-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu	scope:	lt	version:	6.0.3 6	Trust: 0.8
vendor:	siemens	model:	simatic s7-400	scope:	eq	version:	v66.0.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-400	scope:	eq	version:	v66.0.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-400	scope:	eq	version:	v56.0.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-400	scope:	eq	version:	v56.0.1	Trust: 0.6
vendor:	simatic s7 400 cpu	model:	-	scope:	eq	version:	6.0.1	Trust: 0.2
vendor:	simatic s7 400 cpu	model:	-	scope:	eq	version:	6.0.2	Trust: 0.2
vendor:	simatic s7 400 cpu 412 2 pn	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 cpu 414 3 pn dp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 cpu 414f 3 pn dp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 cpu 416 3 pn dp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 cpu 416f 3 pn dp	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4031 // JVNDB: JVNDB-2012-003429 // CNNVD: CNNVD-201207-596 // NVD: CVE-2012-3016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3016
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-3016
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201207-596
value:	HIGH
Trust: 0.6
IVD:	91cd01b4-2353-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-56297
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-3016
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	91cd01b4-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-56297
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56297 // JVNDB: JVNDB-2012-003429 // CNNVD: CNNVD-201207-596 // NVD: CVE-2012-3016

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2012-003429 // NVD: CVE-2012-3016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-596

TYPE

other

Trust: 0.8

sources: IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-596

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003429

PATCH

title:	Firmware Updates for S7-412 CPU	url:	http://support.automation.siemens.com/WW/view/en/45645157	Trust: 0.8
title:	Firmware Updates for S7-414 CPU	url:	http://support.automation.siemens.com/WW/view/en/45645228	Trust: 0.8
title:	Firmware Updates for S7-416-CPUs V6 and higher	url:	http://support.automation.siemens.com/WW/view/en/45645229	Trust: 0.8
title:	Top Page	url:	http://www.siemens.com/	Trust: 0.8
title:	SSA-589272: Security vulnerability in SIMATIC S7-400 V6 PN CPUs	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-589272.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/entry/jp/ja/	Trust: 0.8
title:	Patch for SIEMENS SIMATIC S7-400 Denial of Service Vulnerability (CNVD-2012-4031)	url:	https://www.cnvd.org.cn/patchInfo/show/19396	Trust: 0.6
title:	SIEMENS SIMATIC S7-400 Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113681	Trust: 0.6

sources: CNVD: CNVD-2012-4031 // JVNDB: JVNDB-2012-003429 // CNNVD: CNNVD-201207-596

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3016	Trust: 3.6
db:	ICS CERT	id:	ICSA-12-212-02	Trust: 3.1
db:	SIEMENS	id:	SSA-589272	Trust: 1.8
db:	CNNVD	id:	CNNVD-201207-596	Trust: 0.9
db:	CNVD	id:	CNVD-2012-4031	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003429	Trust: 0.8
db:	BID	id:	54730	Trust: 0.3
db:	IVD	id:	91CD01B4-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SECUNIA	id:	50115	Trust: 0.2
db:	SEEBUG	id:	SSVID-89655	Trust: 0.1
db:	VULHUB	id:	VHN-56297	Trust: 0.1
db:	PACKETSTORM	id:	115158	Trust: 0.1

sources: IVD: 91cd01b4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4031 // VULHUB: VHN-56297 // BID: 54730 // JVNDB: JVNDB-2012-003429 // PACKETSTORM: 115158 // CNNVD: CNNVD-201207-596 // NVD: CVE-2012-3016

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-212-02.pdf	Trust: 3.1
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-589272.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-589272.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3016	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3016	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	http://secunia.com/psi	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50115	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/50115/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/50115/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-4031 // VULHUB: VHN-56297 // BID: 54730 // JVNDB: JVNDB-2012-003429 // PACKETSTORM: 115158 // CNNVD: CNNVD-201207-596 // NVD: CVE-2012-3016

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 54730

SOURCES

db:	IVD	id:	91cd01b4-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-4031
db:	VULHUB	id:	VHN-56297
db:	BID	id:	54730
db:	JVNDB	id:	JVNDB-2012-003429
db:	PACKETSTORM	id:	115158
db:	CNNVD	id:	CNNVD-201207-596
db:	NVD	id:	CVE-2012-3016

LAST UPDATE DATE

2024-11-23T22:49:42.230000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4031	date:	2012-08-01T00:00:00
db:	VULHUB	id:	VHN-56297	date:	2020-04-13T00:00:00
db:	BID	id:	54730	date:	2012-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-003429	date:	2012-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201207-596	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2012-3016	date:	2024-11-21T01:40:07.717

SOURCES RELEASE DATE

db:	IVD	id:	91cd01b4-2353-11e6-abef-000c29c66e3d	date:	2012-08-01T00:00:00
db:	CNVD	id:	CNVD-2012-4031	date:	2012-08-01T00:00:00
db:	VULHUB	id:	VHN-56297	date:	2012-07-31T00:00:00
db:	BID	id:	54730	date:	2012-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-003429	date:	2012-08-01T00:00:00
db:	PACKETSTORM	id:	115158	date:	2012-07-31T10:58:00
db:	CNNVD	id:	CNNVD-201207-596	date:	2012-07-30T00:00:00
db:	NVD	id:	CVE-2012-3016	date:	2012-07-31T10:45:42.327