Details of VAR-201812-0391

ID

VAR-201812-0391

CVE

CVE-2018-16556

TITLE

Siemens SIMATIC S7-400 Input validation vulnerability

Trust: 0.8

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input verification vulnerability exists in the Siemens SIMATIC S7-400 product. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known

Trust: 2.7

sources: NVD: CVE-2018-16556 // JVNDB: JVNDB-2018-014530 // CNVD: CNVD-2018-25433 // BID: 107309 // IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // VULHUB: VHN-126927

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-410	scope:	lt	version:	8.2.1	Trust: 1.8
vendor:	siemens	model:	simatic s7-400	scope:	lte	version:	v6.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 pn\/dp v7	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h v6	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h	scope:	lte	version:	v4.5	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 pn/dp v7	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400	scope:	lte	version:	6	Trust: 0.8
vendor:	siemens	model:	simatic s7-400h v6	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400h	scope:	lte	version:	4.5	Trust: 0.8
vendor:	siemens	model:	s7-400h	scope:	lte	version:	<=4.5	Trust: 0.6
vendor:	siemens	model:	s7-400h	scope:	eq	version:	6	Trust: 0.6
vendor:	siemens	model:	s7-410	scope:	lt	version:	8.2.1	Trust: 0.6
vendor:	siemens	model:	s7-400	scope:	lte	version:	<=6	Trust: 0.6
vendor:	siemens	model:	s7-400 pn/dp	scope:	eq	version:	7	Trust: 0.6
vendor:	siemens	model:	simatic s7-410	scope:	eq	version:	8.1	Trust: 0.3
vendor:	siemens	model:	simatic s7-410	scope:	eq	version:	8	Trust: 0.3
vendor:	siemens	model:	simatic s7-400h cpu	scope:	eq	version:	4.5	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 pn/dp	scope:	eq	version:	7	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 h	scope:	eq	version:	v60	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	6.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	5.2	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	5.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-410	scope:	ne	version:	8.2.1	Trust: 0.3
vendor:	simatic s7 400	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 pn dp v7	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400h	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 410	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400h v6	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // BID: 107309 // JVNDB: JVNDB-2018-014530 // NVD: CVE-2018-16556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-16556
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2018-16556
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-16556
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-25433
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-489
value:	HIGH
Trust: 0.6
IVD:	7d80ae61-463f-11e9-a301-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-126927
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-16556
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-25433
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d80ae61-463f-11e9-a301-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-126927
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-16556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
productcert@siemens.com:	CVE-2018-16556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556 // NVD: CVE-2018-16556

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-126927 // JVNDB: JVNDB-2018-014530 // NVD: CVE-2018-16556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-489

TYPE

Input validation error

Trust: 1.1

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // BID: 107309 // CNNVD: CNNVD-201811-489

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014530

PATCH

title:	SSA-113131	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf	Trust: 0.8
title:	SiemensSIMATICS7-400 input verification vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/147355	Trust: 0.6
title:	Siemens SIMATIC S7-400 Enter the fix for the verification vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=86891	Trust: 0.6

sources: CNVD: CNVD-2018-25433 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16556	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-317-02	Trust: 2.3
db:	SIEMENS	id:	SSA-113131	Trust: 1.7
db:	CNNVD	id:	CNNVD-201811-489	Trust: 0.9
db:	CNVD	id:	CNVD-2018-25433	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014530	Trust: 0.8
db:	BID	id:	107309	Trust: 0.3
db:	IVD	id:	7D80AE61-463F-11E9-A301-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-126927	Trust: 0.1

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // BID: 107309 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-317-02	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16556	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16556	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // BID: 107309 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556

CREDITS

CNCERT/CC

Trust: 0.3

sources: BID: 107309

SOURCES

db:	IVD	id:	7d80ae61-463f-11e9-a301-000c29342cb1
db:	CNVD	id:	CNVD-2018-25433
db:	VULHUB	id:	VHN-126927
db:	BID	id:	107309
db:	JVNDB	id:	JVNDB-2018-014530
db:	CNNVD	id:	CNNVD-201811-489
db:	NVD	id:	CVE-2018-16556

LAST UPDATE DATE

2024-08-14T14:26:31.505000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25433	date:	2018-12-14T00:00:00
db:	VULHUB	id:	VHN-126927	date:	2023-01-10T00:00:00
db:	BID	id:	107309	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014530	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-489	date:	2023-05-10T00:00:00
db:	NVD	id:	CVE-2018-16556	date:	2023-05-09T13:15:12.157

SOURCES RELEASE DATE

db:	IVD	id:	7d80ae61-463f-11e9-a301-000c29342cb1	date:	2018-12-14T00:00:00
db:	CNVD	id:	CNVD-2018-25433	date:	2018-12-14T00:00:00
db:	VULHUB	id:	VHN-126927	date:	2018-12-13T00:00:00
db:	BID	id:	107309	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014530	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-489	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-16556	date:	2018-12-13T16:29:00.477