Sign-up

ID

VAR-201403-0320


CVE

CVE-2014-2259


TITLE

Siemens SIMATIC S7-1500 CPU PLC Service disruption in device firmware (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001714

DESCRIPTION

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. Supplementary information : CWE Vulnerability type by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-1500 failed to properly handle the specially crafted messages sent to the 443/tcp (HTTPS) port, allowing remote attackers to exploit the vulnerability to send specially crafted requests to put the device into defect mode and to restart the normal function. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable

Trust: 2.88

sources: NVD: CVE-2014-2259 // JVNDB: JVNDB-2014-001714 // CNVD: CNVD-2014-01716 // BID: 66191 // IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // VULHUB: VHN-70198

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // CNVD: CNVD-2014-01716

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.0.1

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.1

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.0

Trust: 1.6

vendor:siemensmodel:simatic s7-1500 cpuscope:lteversion:1.1.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpuscope:ltversion:1.5.0

Trust: 0.8

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.x

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:1.1.2

Trust: 0.6

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.0.1

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.1.0

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:1.1.1

Trust: 0.4

vendor:simatic s7 1500 cpumodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // CNVD: CNVD-2014-01716 // JVNDB: JVNDB-2014-001714 // CNNVD: CNNVD-201403-331 // NVD: CVE-2014-2259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2259
value: HIGH

Trust: 1.0

NVD: CVE-2014-2259
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01716
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-331
value: HIGH

Trust: 0.6

IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd
value: HIGH

Trust: 0.2

VULHUB: VHN-70198
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2259
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01716
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70198
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // CNVD: CNVD-2014-01716 // VULHUB: VHN-70198 // JVNDB: JVNDB-2014-001714 // CNNVD: CNNVD-201403-331 // NVD: CVE-2014-2259

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-001714 // NVD: CVE-2014-2259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-331

TYPE

other

Trust: 1.0

sources: IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // CNNVD: CNNVD-201403-331

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001714

PATCH
title:SSA-456423url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Trust: 0.8
title:Patch for Siemens SIMATIC S7-1500 Denial of Service Vulnerability (CNVD-2014-01716)url:https://www.cnvd.org.cn/patchInfo/show/44298
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01716 // 
            
            
            
            JVNDB: JVNDB-2014-001714

EXTERNAL IDS
db:NVDid:CVE-2014-2259
Trust: 3.8
db:ICS CERTid:ICSA-14-073-01
Trust: 2.5
db:SIEMENSid:SSA-456423
Trust: 2.3
db:CNNVDid:CNNVD-201403-331
Trust: 1.1
db:CNVDid:CNVD-2014-01716
Trust: 1.0
db:BIDid:66191
Trust: 1.0
db:JVNDBid:JVNDB-2014-001714
Trust: 0.8
db:IVDid:25EB47CC-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:8EA81B90-71D0-4A98-A618-BEDEC27F45BD
Trust: 0.2
db:VULHUBid:VHN-70198
Trust: 0.1
sources:
            
            
            IVD: 25eb47cc-2352-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 8ea81b90-71d0-4a98-a618-bedec27f45bd // 
            
            
            
            CNVD: CNVD-2014-01716 // 
            
            
            
            VULHUB: VHN-70198 // 
            
            
            
            BID: 66191 // 
            
            
            
            JVNDB: JVNDB-2014-001714 // 
            
            
            
            CNNVD: CNNVD-201403-331 // 
            
            
            
            NVD: CVE-2014-2259

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-073-01
Trust: 2.5
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Trust: 2.3
url:https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2259
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2259
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-01716 // 
            
            
            
            VULHUB: VHN-70198 // 
            
            
            
            BID: 66191 // 
            
            
            
            JVNDB: JVNDB-2014-001714 // 
            
            
            
            CNNVD: CNNVD-201403-331 // 
            
            
            
            NVD: CVE-2014-2259

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 66191

SOURCES
db:IVDid:25eb47cc-2352-11e6-abef-000c29c66e3d
db:IVDid:8ea81b90-71d0-4a98-a618-bedec27f45bd
db:CNVDid:CNVD-2014-01716
db:VULHUBid:VHN-70198
db:BIDid:66191
db:JVNDBid:JVNDB-2014-001714
db:CNNVDid:CNNVD-201403-331
db:NVDid:CVE-2014-2259

LAST UPDATE DATE
2024-11-23T21:45:19.569000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01716date:2014-03-17T00:00:00
db:VULHUBid:VHN-70198date:2020-02-10T00:00:00
db:BIDid:66191date:2014-03-19T01:13:00
db:JVNDBid:JVNDB-2014-001714date:2014-03-18T00:00:00
db:CNNVDid:CNNVD-201403-331date:2020-02-11T00:00:00
db:NVDid:CVE-2014-2259date:2024-11-21T02:05:57.230

SOURCES RELEASE DATE
db:IVDid:25eb47cc-2352-11e6-abef-000c29c66e3ddate:2014-03-17T00:00:00
db:IVDid:8ea81b90-71d0-4a98-a618-bedec27f45bddate:2014-03-17T00:00:00
db:CNVDid:CNVD-2014-01716date:2014-03-17T00:00:00
db:VULHUBid:VHN-70198date:2014-03-16T00:00:00
db:BIDid:66191date:2014-03-13T00:00:00
db:JVNDBid:JVNDB-2014-001714date:2014-03-18T00:00:00
db:CNNVDid:CNNVD-201403-331date:2014-03-19T00:00:00
db:NVDid:CVE-2014-2259date:2014-03-16T14:06:45.960