Details of VAR-201403-0314

ID

VAR-201403-0314

CVE

CVE-2014-2253

TITLE

Siemens SIMATIC S7-1500 Denial of service vulnerability

Trust: 1.0

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNVD: CNVD-2014-01719

DESCRIPTION

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. Supplementary information : CWE Vulnerability type by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. http://cwe.mitre.org/data/definitions/404.htmlSkillfully crafted by a third party Profinet Service disruption via packets (defect-mode Transition to ) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC S7-1500 failed to properly handle specially crafted Profinet messages, allowing remote attackers with access to local Ethernet segments to exploit vulnerabilities to send specially crafted requests to put the device into defect mode, requiring a restart to resume normal functionality. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable

Trust: 2.88

sources: NVD: CVE-2014-2253 // JVNDB: JVNDB-2014-001711 // CNVD: CNVD-2014-01719 // BID: 66194 // IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // VULHUB: VHN-70192

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNVD: CNVD-2014-01719

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lt	version:	1.5.0	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.x	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.2	Trust: 0.6
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.0.1	Trust: 0.4
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.0	Trust: 0.4
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.1	Trust: 0.4
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNVD: CNVD-2014-01719 // JVNDB: JVNDB-2014-001711 // CNNVD: CNNVD-201403-328 // NVD: CVE-2014-2253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2253
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2253
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-01719
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-328
value:	MEDIUM
Trust: 0.6
IVD:	25ad7ae6-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	17f92e76-4ec3-4508-9703-45193e45cd4c
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70192
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2253
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01719
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	25ad7ae6-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	17f92e76-4ec3-4508-9703-45193e45cd4c
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70192
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNVD: CNVD-2014-01719 // VULHUB: VHN-70192 // JVNDB: JVNDB-2014-001711 // CNNVD: CNNVD-201403-328 // NVD: CVE-2014-2253

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-001711 // NVD: CVE-2014-2253

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201403-328

TYPE

other

Trust: 1.0

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNNVD: CNNVD-201403-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001711

PATCH

title:	SSA-456423	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1500 Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44301	Trust: 0.6
title:	Siemens SIMATIC S7-1500 CPU PLC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109069	Trust: 0.6

sources: CNVD: CNVD-2014-01719 // JVNDB: JVNDB-2014-001711 // CNNVD: CNNVD-201403-328

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2253	Trust: 3.8
db:	ICS CERT	id:	ICSA-14-073-01	Trust: 2.5
db:	SIEMENS	id:	SSA-456423	Trust: 2.3
db:	CNNVD	id:	CNNVD-201403-328	Trust: 1.1
db:	CNVD	id:	CNVD-2014-01719	Trust: 1.0
db:	BID	id:	66194	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001711	Trust: 0.8
db:	IVD	id:	25AD7AE6-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	17F92E76-4EC3-4508-9703-45193E45CD4C	Trust: 0.2
db:	VULHUB	id:	VHN-70192	Trust: 0.1

sources: IVD: 25ad7ae6-2352-11e6-abef-000c29c66e3d // IVD: 17f92e76-4ec3-4508-9703-45193e45cd4c // CNVD: CNVD-2014-01719 // VULHUB: VHN-70192 // BID: 66194 // JVNDB: JVNDB-2014-001711 // CNNVD: CNNVD-201403-328 // NVD: CVE-2014-2253

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-073-01	Trust: 2.5
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2253	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2253	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01719 // VULHUB: VHN-70192 // BID: 66194 // JVNDB: JVNDB-2014-001711 // CNNVD: CNNVD-201403-328 // NVD: CVE-2014-2253

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66194

SOURCES

db:	IVD	id:	25ad7ae6-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	17f92e76-4ec3-4508-9703-45193e45cd4c
db:	CNVD	id:	CNVD-2014-01719
db:	VULHUB	id:	VHN-70192
db:	BID	id:	66194
db:	JVNDB	id:	JVNDB-2014-001711
db:	CNNVD	id:	CNNVD-201403-328
db:	NVD	id:	CVE-2014-2253

LAST UPDATE DATE

2024-11-23T21:45:19.525000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01719	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70192	date:	2020-02-10T00:00:00
db:	BID	id:	66194	date:	2014-03-19T02:13:00
db:	JVNDB	id:	JVNDB-2014-001711	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-328	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2253	date:	2024-11-21T02:05:56.380

SOURCES RELEASE DATE

db:	IVD	id:	25ad7ae6-2352-11e6-abef-000c29c66e3d	date:	2014-03-17T00:00:00
db:	IVD	id:	17f92e76-4ec3-4508-9703-45193e45cd4c	date:	2014-03-17T00:00:00
db:	CNVD	id:	CNVD-2014-01719	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70192	date:	2014-03-16T00:00:00
db:	BID	id:	66194	date:	2014-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-001711	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-328	date:	2014-03-19T00:00:00
db:	NVD	id:	CVE-2014-2253	date:	2014-03-16T14:06:45.897