Sign-up

ID

VAR-201403-0318


CVE

CVE-2014-2257


TITLE

Siemens SIMATIC S7-1500 CPU PLC Denial of service in device firmware (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001713

DESCRIPTION

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. Supplementary information : CWE Vulnerability types by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-1500 fails to properly handle specially crafted messages sent to the 102/TCP (ISO-TSAP) port, allowing remote attackers to exploit the vulnerability to send specially crafted requests to put the device into defect mode and to restart the normal function. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable

Trust: 2.88

sources: NVD: CVE-2014-2257 // JVNDB: JVNDB-2014-001713 // CNVD: CNVD-2014-01717 // BID: 66198 // IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // VULHUB: VHN-70196

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // CNVD: CNVD-2014-01717

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.0.1

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.1

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.0

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:lteversion:1.1.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpuscope:ltversion:1.5.0

Trust: 0.8

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.x

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.2

Trust: 0.6

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.0.1

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.1.0

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.1.1

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // CNVD: CNVD-2014-01717 // JVNDB: JVNDB-2014-001713 // CNNVD: CNNVD-201403-330 // NVD: CVE-2014-2257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2257
value: HIGH

Trust: 1.0

NVD: CVE-2014-2257
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01717
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-330
value: HIGH

Trust: 0.6

IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: a0916fe2-2871-4ae3-8523-c867315b7b95
value: HIGH

Trust: 0.2

VULHUB: VHN-70196
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2257
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01717
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a0916fe2-2871-4ae3-8523-c867315b7b95
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70196
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // CNVD: CNVD-2014-01717 // VULHUB: VHN-70196 // JVNDB: JVNDB-2014-001713 // CNNVD: CNNVD-201403-330 // NVD: CVE-2014-2257

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-001713 // NVD: CVE-2014-2257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-330

TYPE

other

Trust: 1.0

sources: IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // CNNVD: CNNVD-201403-330

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001713

PATCH
title:SSA-456423url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Trust: 0.8
title:Patch for Siemens SIMATIC S7-1500 Denial of Service Vulnerability (CNVD-2014-01717)url:https://www.cnvd.org.cn/patchInfo/show/44299
Trust: 0.6
title:Siemens SIMATIC S7-1500 CPU PLC Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109071
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01717 // 
            
            
            
            JVNDB: JVNDB-2014-001713 // 
            
            
            
            CNNVD: CNNVD-201403-330

EXTERNAL IDS
db:NVDid:CVE-2014-2257
Trust: 3.8
db:ICS CERTid:ICSA-14-073-01
Trust: 2.5
db:SIEMENSid:SSA-456423
Trust: 2.3
db:CNNVDid:CNNVD-201403-330
Trust: 1.1
db:CNVDid:CNVD-2014-01717
Trust: 1.0
db:BIDid:66198
Trust: 1.0
db:JVNDBid:JVNDB-2014-001713
Trust: 0.8
db:IVDid:25F5AC9E-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:A0916FE2-2871-4AE3-8523-C867315B7B95
Trust: 0.2
db:VULHUBid:VHN-70196
Trust: 0.1
sources:
            
            
            IVD: 25f5ac9e-2352-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: a0916fe2-2871-4ae3-8523-c867315b7b95 // 
            
            
            
            CNVD: CNVD-2014-01717 // 
            
            
            
            VULHUB: VHN-70196 // 
            
            
            
            BID: 66198 // 
            
            
            
            JVNDB: JVNDB-2014-001713 // 
            
            
            
            CNNVD: CNNVD-201403-330 // 
            
            
            
            NVD: CVE-2014-2257

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-073-01
Trust: 2.5
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Trust: 2.3
url:https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2257
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2257
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01717 // 
            
            
            
            VULHUB: VHN-70196 // 
            
            
            
            BID: 66198 // 
            
            
            
            JVNDB: JVNDB-2014-001713 // 
            
            
            
            CNNVD: CNNVD-201403-330 // 
            
            
            
            NVD: CVE-2014-2257

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 66198

SOURCES
db:IVDid:25f5ac9e-2352-11e6-abef-000c29c66e3d
db:IVDid:a0916fe2-2871-4ae3-8523-c867315b7b95
db:CNVDid:CNVD-2014-01717
db:VULHUBid:VHN-70196
db:BIDid:66198
db:JVNDBid:JVNDB-2014-001713
db:CNNVDid:CNNVD-201403-330
db:NVDid:CVE-2014-2257

LAST UPDATE DATE
2024-11-23T21:45:19.613000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01717date:2014-03-17T00:00:00
db:VULHUBid:VHN-70196date:2020-02-10T00:00:00
db:BIDid:66198date:2014-03-19T01:33:00
db:JVNDBid:JVNDB-2014-001713date:2014-03-18T00:00:00
db:CNNVDid:CNNVD-201403-330date:2020-02-11T00:00:00
db:NVDid:CVE-2014-2257date:2024-11-21T02:05:56.947

SOURCES RELEASE DATE
db:IVDid:25f5ac9e-2352-11e6-abef-000c29c66e3ddate:2014-03-17T00:00:00
db:IVDid:a0916fe2-2871-4ae3-8523-c867315b7b95date:2014-03-17T00:00:00
db:CNVDid:CNVD-2014-01717date:2014-03-17T00:00:00
db:VULHUBid:VHN-70196date:2014-03-16T00:00:00
db:BIDid:66198date:2014-03-13T00:00:00
db:JVNDBid:JVNDB-2014-001713date:2014-03-18T00:00:00
db:CNNVDid:CNNVD-201403-330date:2014-03-19T00:00:00
db:NVDid:CVE-2014-2257date:2014-03-16T14:06:45.943