ID

VAR-201812-0391


CVE

CVE-2018-16556


TITLE

Siemens SIMATIC S7-400 Input validation vulnerability

Trust: 0.8

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input verification vulnerability exists in the Siemens SIMATIC S7-400 product. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known

Trust: 2.7

sources: NVD: CVE-2018-16556 // JVNDB: JVNDB-2018-014530 // CNVD: CNVD-2018-25433 // BID: 107309 // IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // VULHUB: VHN-126927

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-410scope:ltversion:8.2.1

Trust: 1.8

vendor:siemensmodel:simatic s7-400scope:lteversion:v6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn\/dp v7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400h v6scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400hscope:lteversion:v4.5

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn/dp v7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400scope:lteversion:6

Trust: 0.8

vendor:siemensmodel:simatic s7-400h v6scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400hscope:lteversion:4.5

Trust: 0.8

vendor:siemensmodel:s7-400hscope:lteversion:<=4.5

Trust: 0.6

vendor:siemensmodel:s7-400hscope:eqversion:6

Trust: 0.6

vendor:siemensmodel:s7-410scope:ltversion:8.2.1

Trust: 0.6

vendor:siemensmodel:s7-400scope:lteversion:<=6

Trust: 0.6

vendor:siemensmodel:s7-400 pn/dpscope:eqversion:7

Trust: 0.6

vendor:siemensmodel:simatic s7-410scope:eqversion:8.1

Trust: 0.3

vendor:siemensmodel:simatic s7-410scope:eqversion:8

Trust: 0.3

vendor:siemensmodel:simatic s7-400h cpuscope:eqversion:4.5

Trust: 0.3

vendor:siemensmodel:simatic s7-400 pn/dpscope:eqversion:7

Trust: 0.3

vendor:siemensmodel:simatic s7-400 hscope:eqversion:v60

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:6.0

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:5.2

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:5.0

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:4.0

Trust: 0.3

vendor:siemensmodel:simatic s7-410scope:neversion:8.2.1

Trust: 0.3

vendor:simatic s7 400model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 pn dp v7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400hmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 410model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400h v6model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // BID: 107309 // JVNDB: JVNDB-2018-014530 // NVD: CVE-2018-16556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16556
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2018-16556
value: HIGH

Trust: 1.0

NVD: CVE-2018-16556
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-25433
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-489
value: HIGH

Trust: 0.6

IVD: 7d80ae61-463f-11e9-a301-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-126927
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16556
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-25433
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d80ae61-463f-11e9-a301-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-126927
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

productcert@siemens.com: CVE-2018-16556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556 // NVD: CVE-2018-16556

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-126927 // JVNDB: JVNDB-2018-014530 // NVD: CVE-2018-16556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-489

TYPE

Input validation error

Trust: 1.1

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // BID: 107309 // CNNVD: CNNVD-201811-489

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014530

PATCH

title:SSA-113131url:https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

Trust: 0.8

title:SiemensSIMATICS7-400 input verification vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/147355

Trust: 0.6

title:Siemens SIMATIC S7-400 Enter the fix for the verification vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=86891

Trust: 0.6

sources: CNVD: CNVD-2018-25433 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489

EXTERNAL IDS

db:NVDid:CVE-2018-16556

Trust: 3.6

db:ICS CERTid:ICSA-18-317-02

Trust: 2.3

db:SIEMENSid:SSA-113131

Trust: 1.7

db:CNNVDid:CNNVD-201811-489

Trust: 0.9

db:CNVDid:CNVD-2018-25433

Trust: 0.8

db:JVNDBid:JVNDB-2018-014530

Trust: 0.8

db:BIDid:107309

Trust: 0.3

db:IVDid:7D80AE61-463F-11E9-A301-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-126927

Trust: 0.1

sources: IVD: 7d80ae61-463f-11e9-a301-000c29342cb1 // CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // BID: 107309 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-317-02

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16556

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-16556

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-25433 // VULHUB: VHN-126927 // BID: 107309 // JVNDB: JVNDB-2018-014530 // CNNVD: CNNVD-201811-489 // NVD: CVE-2018-16556

CREDITS

CNCERT/CC

Trust: 0.3

sources: BID: 107309

SOURCES

db:IVDid:7d80ae61-463f-11e9-a301-000c29342cb1
db:CNVDid:CNVD-2018-25433
db:VULHUBid:VHN-126927
db:BIDid:107309
db:JVNDBid:JVNDB-2018-014530
db:CNNVDid:CNNVD-201811-489
db:NVDid:CVE-2018-16556

LAST UPDATE DATE

2024-08-14T14:26:31.505000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-25433date:2018-12-14T00:00:00
db:VULHUBid:VHN-126927date:2023-01-10T00:00:00
db:BIDid:107309date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014530date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-489date:2023-05-10T00:00:00
db:NVDid:CVE-2018-16556date:2023-05-09T13:15:12.157

SOURCES RELEASE DATE

db:IVDid:7d80ae61-463f-11e9-a301-000c29342cb1date:2018-12-14T00:00:00
db:CNVDid:CNVD-2018-25433date:2018-12-14T00:00:00
db:VULHUBid:VHN-126927date:2018-12-13T00:00:00
db:BIDid:107309date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014530date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-489date:2018-11-15T00:00:00
db:NVDid:CVE-2018-16556date:2018-12-13T16:29:00.477