Sign-up

ID

VAR-201304-0413


CVE

CVE-2013-2780


TITLE

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x Denial of service vulnerability

Trust: 0.8

sources: IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04095

DESCRIPTION

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). An attacker sends a trait packet to port 161 (SNMP port) or port 102 (ISO-TSAP port) to initiate a denial of service attack. SIEMENS SIMATIC S7-1200 is an automation application developed by Siemens. SIEMENS SIMATIC S7-1200 has an error in processing SNMP status information. An attacker can send a special message to UDP port 161 to put the device into defect mode. Allows an attacker to exploit a vulnerability for a denial of service attack. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Note: This issue was previously discussed in BID 57023 (SIEMENS SIMATIC S7-1200 Multiple Denial of Service Vulnerabilities), but has been moved to its own record for better documentation. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC S7-1200 Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA51628 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51628/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51628 RELEASE DATE: 2012-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/51628/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51628/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51628 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SIMATIC S7-1200, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are reported in all 2.x and 3.x versions. SOLUTION: The vendor is currently working on a fix. No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Prof. Dr. Hartmut Pohl, softScheck GmbH 2) Arne Vidstrom, Swedish Defence Research Agency (FOI) ORIGINAL ADVISORY: SSA-724606: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.87

sources: NVD: CVE-2013-2780 // JVNDB: JVNDB-2012-005983 // CNVD: CNVD-2013-04095 // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // BID: 59399 // IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62782 // PACKETSTORM: 119001

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 2.0

sources: IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04095 // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-1200scope:eqversion:2.0.2

Trust: 1.5

vendor:siemensmodel:simatic s7-1200scope:eqversion:2.0.3

Trust: 1.5

vendor:siemensmodel:simatic s7-1200 cpu 1215 fcscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200scope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212fcscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214 fcscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 micro plcscope:eqversion:2.x

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 micro plcscope:eqversion:3.x

Trust: 0.8

vendor:siemensmodel:simatic s7-1200scope:eqversion:2.x

Trust: 0.6

vendor:siemensmodel:simatic s7-1200scope:eqversion:3.x

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 plcscope:eqversion:2.2

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 plcscope:eqversion:3.0.1

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 plcscope:eqversion:2.1

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 plcscope:eqversion:3.0.0

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 plcscope:eqversion:2.0

Trust: 0.6

vendor:simatic s7 1200 plcmodel: - scope:eqversion:2.0

Trust: 0.2

vendor:simatic s7 1200 plcmodel: - scope:eqversion:2.1

Trust: 0.2

vendor:simatic s7 1200 plcmodel: - scope:eqversion:2.2

Trust: 0.2

vendor:simatic s7 1200 plcmodel: - scope:eqversion:3.0.0

Trust: 0.2

vendor:simatic s7 1200 plcmodel: - scope:eqversion:3.0.1

Trust: 0.2

sources: IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04095 // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // BID: 59399 // JVNDB: JVNDB-2012-005983 // CNNVD: CNNVD-201304-456 // NVD: CVE-2013-2780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2780
value: HIGH

Trust: 1.0

NVD: CVE-2013-2780
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-04095
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-456
value: HIGH

Trust: 0.6

IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-62782
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2780
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04095
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62782
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04095 // VULHUB: VHN-62782 // JVNDB: JVNDB-2012-005983 // CNNVD: CNNVD-201304-456 // NVD: CVE-2013-2780

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-62782 // JVNDB: JVNDB-2012-005983 // NVD: CVE-2013-2780

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201212-330 // CNNVD: CNNVD-201304-456

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201304-456

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005983

PATCH
title:Top Pageurl:http://www.siemens.com/entry/cc/en/
Trust: 0.8
title:SSA-724606: Denial-of-Service Vulnerabilities in SIMATIC S7-1200 PLCsurl:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf
Trust: 0.8
title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx
Trust: 0.8
title:シーメンス・ジャパン株式会社url:http://www.siemens.com/answers/jp/ja/
Trust: 0.8
title:Siemens SIMATIC S7-1200 PLCs 2.x and 3.x Patch for Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/72684
Trust: 0.6
title:Patch for SIEMENS SIMATIC TCP Packet Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/26797
Trust: 0.6
title:SIEMENS SIMATIC SNMP Status Information Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/26796
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-04095 // 
            
            
            
            CNVD: CNVD-2012-9290 // 
            
            
            
            CNVD: CNVD-2012-9288 // 
            
            
            
            JVNDB: JVNDB-2012-005983

EXTERNAL IDS
db:NVDid:CVE-2013-2780
Trust: 3.6
db:SIEMENSid:SSA-724606
Trust: 3.0
db:BIDid:57023
Trust: 1.8
db:CNNVDid:CNNVD-201304-456
Trust: 0.9
db:CNVDid:CNVD-2013-04095
Trust: 0.8
db:ICS CERTid:ICSA-14-079-01
Trust: 0.8
db:JVNDBid:JVNDB-2012-005983
Trust: 0.8
db:CNVDid:CNVD-2012-9290
Trust: 0.6
db:CNVDid:CNVD-2012-9288
Trust: 0.6
db:CNNVDid:CNNVD-201212-330
Trust: 0.6
db:BIDid:59399
Trust: 0.4
db:IVDid:FA38C0F4-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:SECUNIAid:51628
Trust: 0.2
db:VULHUBid:VHN-62782
Trust: 0.1
db:PACKETSTORMid:119001
Trust: 0.1
sources:
            
            
            IVD: fa38c0f4-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-04095 // 
            
            
            
            CNVD: CNVD-2012-9290 // 
            
            
            
            CNVD: CNVD-2012-9288 // 
            
            
            
            VULHUB: VHN-62782 // 
            
            
            
            BID: 59399 // 
            
            
            
            JVNDB: JVNDB-2012-005983 // 
            
            
            
            PACKETSTORM: 119001 // 
            
            
            
            CNNVD: CNNVD-201212-330 // 
            
            
            
            CNNVD: CNNVD-201304-456 // 
            
            
            
            NVD: CVE-2013-2780

REFERENCES
url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf
Trust: 1.8
url:https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf
Trust: 1.7
url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdfhttp
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2780
Trust: 0.8
url:http://ics-cert.us-cert.gov/advisories/icsa-14-079-01
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2780
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail;jsessionid=0cb9a9987284ba5f7e5440d7ac869339
Trust: 0.6
url:http://www.securityfocus.com/bid/57023
Trust: 0.6
url:http://subscriber.communications.siemens.com/
Trust: 0.3
url:http://secunia.com/advisories/51628/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51628
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/51628/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04095 // 
            
            
            
            CNVD: CNVD-2012-9290 // 
            
            
            
            CNVD: CNVD-2012-9288 // 
            
            
            
            VULHUB: VHN-62782 // 
            
            
            
            BID: 59399 // 
            
            
            
            JVNDB: JVNDB-2012-005983 // 
            
            
            
            PACKETSTORM: 119001 // 
            
            
            
            CNNVD: CNNVD-201212-330 // 
            
            
            
            CNNVD: CNNVD-201304-456 // 
            
            
            
            NVD: CVE-2013-2780

CREDITS
Prof. Dr. Hartmut Pohl and Arne Vidstrom
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201212-330

SOURCES
db:IVDid:fa38c0f4-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-04095
db:CNVDid:CNVD-2012-9290
db:CNVDid:CNVD-2012-9288
db:VULHUBid:VHN-62782
db:BIDid:59399
db:JVNDBid:JVNDB-2012-005983
db:PACKETSTORMid:119001
db:CNNVDid:CNNVD-201212-330
db:CNNVDid:CNNVD-201304-456
db:NVDid:CVE-2013-2780

LAST UPDATE DATE
2024-11-23T22:02:24.253000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04095date:2016-03-15T00:00:00
db:CNVDid:CNVD-2012-9290date:2012-12-25T00:00:00
db:CNVDid:CNVD-2012-9288date:2012-12-25T00:00:00
db:VULHUBid:VHN-62782date:2020-02-10T00:00:00
db:BIDid:59399date:2014-03-25T00:54:00
db:JVNDBid:JVNDB-2012-005983date:2014-03-28T00:00:00
db:CNNVDid:CNNVD-201212-330date:2012-12-25T00:00:00
db:CNNVDid:CNNVD-201304-456date:2022-02-07T00:00:00
db:NVDid:CVE-2013-2780date:2024-11-21T01:52:21.247

SOURCES RELEASE DATE
db:IVDid:fa38c0f4-2352-11e6-abef-000c29c66e3ddate:2013-04-25T00:00:00
db:CNVDid:CNVD-2013-04095date:2013-04-25T00:00:00
db:CNVDid:CNVD-2012-9290date:2012-12-25T00:00:00
db:CNVDid:CNVD-2012-9288date:2012-12-25T00:00:00
db:VULHUBid:VHN-62782date:2013-04-22T00:00:00
db:BIDid:59399date:2012-12-21T00:00:00
db:JVNDBid:JVNDB-2012-005983date:2013-04-23T00:00:00
db:PACKETSTORMid:119001date:2012-12-21T08:03:21
db:CNNVDid:CNNVD-201212-330date:2012-12-25T00:00:00
db:CNNVDid:CNNVD-201304-456date:2013-04-22T00:00:00
db:NVDid:CVE-2013-2780date:2013-04-22T03:27:13.063