Details of VAR-201810-0793

ID

VAR-201810-0793

CVE

CVE-2018-13805

TITLE

plural Siemens SIMATIC Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013472

DESCRIPTION

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known. F Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The SIEMENS SIMATIC S7-1500 CPU family is designed for discrete and continuous control in industrial environments such as manufacturing, the global food and beverage and chemical industries. SIEMENS SIMATIC ET 200SP Open is a version of the PC-based SIMATIC S7-1500 controller, including optional visualization and central I/O in compact devices. Multiple Siemens SIMATIC Products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. The following products and versions are vulnerable: Simatic S7-1500 (incl

Trust: 2.61

sources: NVD: CVE-2018-13805 // JVNDB: JVNDB-2018-013472 // CNVD: CNVD-2018-20534 // BID: 105712 // IVD: e2fca5f0-39ab-11e9-b0fb-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fca5f0-39ab-11e9-b0fb-000c29342cb1 // CNVD: CNVD-2018-20534

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic et 200sp	scope:	gte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	gte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500f	scope:	gte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	lt	version:	2.5	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500f	scope:	lt	version:	2.5	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500f	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic et 200sp open	scope:	gte	version:	v2.0<v2.5	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	gte	version:	v2.0<v2.0	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	gte	version:	v2.0<v2.5	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	eq	version:	2.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	2.0	Trust: 0.3
vendor:	siemens	model:	simatic et 200sp open controller	scope:	eq	version:	2.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	ne	version:	2.5	Trust: 0.3
vendor:	siemens	model:	simatic s7-1500	scope:	ne	version:	2.5	Trust: 0.3
vendor:	simatic et 200sp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500f	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fca5f0-39ab-11e9-b0fb-000c29342cb1 // CNVD: CNVD-2018-20534 // BID: 105712 // JVNDB: JVNDB-2018-013472 // NVD: CVE-2018-13805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13805
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13805
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-20534
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-509
value:	HIGH
Trust: 0.6
IVD:	e2fca5f0-39ab-11e9-b0fb-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-13805
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-20534
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fca5f0-39ab-11e9-b0fb-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-13805
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2fca5f0-39ab-11e9-b0fb-000c29342cb1 // CNVD: CNVD-2018-20534 // JVNDB: JVNDB-2018-013472 // CNNVD: CNNVD-201810-509 // NVD: CVE-2018-13805

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2018-013472 // NVD: CVE-2018-13805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-509

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013472

PATCH

title:	SSA-347726	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf	Trust: 0.8
title:	SIEMENS SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/141765	Trust: 0.6
title:	SIMATIC Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86140	Trust: 0.6

sources: CNVD: CNVD-2018-20534 // JVNDB: JVNDB-2018-013472 // CNNVD: CNNVD-201810-509

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13805	Trust: 3.5
db:	SIEMENS	id:	SSA-347726	Trust: 2.2
db:	ICS CERT	id:	ICSA-18-282-05	Trust: 1.1
db:	CNVD	id:	CNVD-2018-20534	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-509	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013472	Trust: 0.8
db:	BID	id:	105712	Trust: 0.3
db:	IVD	id:	E2FCA5F0-39AB-11E9-B0FB-000C29342CB1	Trust: 0.2

sources: IVD: e2fca5f0-39ab-11e9-b0fb-000c29342cb1 // CNVD: CNVD-2018-20534 // BID: 105712 // JVNDB: JVNDB-2018-013472 // CNNVD: CNNVD-201810-509 // NVD: CVE-2018-13805

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf	Trust: 2.2
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-282-05	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13805	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13805	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-20534 // BID: 105712 // JVNDB: JVNDB-2018-013472 // CNNVD: CNNVD-201810-509 // NVD: CVE-2018-13805

CREDITS

Marcin Dudek, Jacek Gajewski, Kinga Staszkiewicz, Jakub Suchorab, and Joanna Walkiewicz from National Centre for Nuclear Research Poland

Trust: 0.3

sources: BID: 105712

SOURCES

db:	IVD	id:	e2fca5f0-39ab-11e9-b0fb-000c29342cb1
db:	CNVD	id:	CNVD-2018-20534
db:	BID	id:	105712
db:	JVNDB	id:	JVNDB-2018-013472
db:	CNNVD	id:	CNNVD-201810-509
db:	NVD	id:	CVE-2018-13805

LAST UPDATE DATE

2024-08-14T14:19:46.803000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-20534	date:	2018-10-10T00:00:00
db:	BID	id:	105712	date:	2018-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-013472	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-509	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-13805	date:	2019-03-21T19:29:00.410

SOURCES RELEASE DATE

db:	IVD	id:	e2fca5f0-39ab-11e9-b0fb-000c29342cb1	date:	2018-10-10T00:00:00
db:	CNVD	id:	CNVD-2018-20534	date:	2018-10-10T00:00:00
db:	BID	id:	105712	date:	2018-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-013472	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-509	date:	2018-10-11T00:00:00
db:	NVD	id:	CVE-2018-13805	date:	2018-10-10T17:29:04.170