ID

VAR-201812-0392


CVE

CVE-2018-16557


TITLE

Input validation vulnerability in multiple SIMATIC products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014531

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending specially crafted packets to port 102/tcp via the Ethernet interface, or via PROFIBUS or Multi Point Interfaces (MPI), could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
Multiple SIMATIC products contain an input validation vulnerability. Service operation may be interrupted (DoS). Siemens SIMATIC S7-400 is a programmable logic controller for manufacturing and process automation from Siemens, Germany. An input validation vulnerability exists in the Siemens SIMATIC S7-400. An attacker could exploit the vulnerability by sending a specially crafted packet to TCP port 102. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.7

sources: NVD: CVE-2018-16557 // JVNDB: JVNDB-2018-014531 // CNVD: CNVD-2018-23893 // BID: 107309 // IVD: 7d803931-463f-11e9-a595-000c29342cb1 // VULHUB: VHN-126928

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-410scope:ltversion:8.2.1

Trust: 1.8

vendor:siemensmodel:simatic s7-400scope:lteversion:v6.0

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn\/dp v7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400hscope:ltversion:6.0.9

Trust: 1.0

vendor:siemensmodel:simatic s7-400hscope:gteversion:6.0.0

Trust: 1.0

vendor:siemensmodel:simatic s7-400hscope:lteversion:v4.5

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn/dp v7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400scope:lteversion:6

Trust: 0.8

vendor:siemensmodel:simatic s7-400h v6scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400hscope:lteversion:4.5

Trust: 0.8

vendor:siemensmodel:s7-400scope:lteversion:<=6

Trust: 0.6

vendor:siemensmodel:s7-400 pn/dpscope:eqversion:7

Trust: 0.6

vendor:siemensmodel:s7-400hscope:lteversion:<=4.5

Trust: 0.6

vendor:siemensmodel:s7-400hscope:eqversion:6

Trust: 0.6

vendor:siemensmodel:s7-410scope:ltversion:8.2.1

Trust: 0.6

vendor:siemensmodel:simatic s7-410scope:eqversion:8.1

Trust: 0.3

vendor:siemensmodel:simatic s7-410scope:eqversion:8

Trust: 0.3

vendor:siemensmodel:simatic s7-400h cpuscope:eqversion:4.5

Trust: 0.3

vendor:siemensmodel:simatic s7-400 pn/dpscope:eqversion:7

Trust: 0.3

vendor:siemensmodel:simatic s7-400 hscope:eqversion:v60

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:6.0

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:5.2

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:5.0

Trust: 0.3

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:4.0

Trust: 0.3

vendor:siemensmodel:simatic s7-410scope:neversion:8.2.1

Trust: 0.3

vendor:simatic s7 400model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 pn dp v7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400hmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 410model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400h v6model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // BID: 107309 // JVNDB: JVNDB-2018-014531 // NVD: CVE-2018-16557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16557
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2018-16557
value: HIGH

Trust: 1.0

NVD: CVE-2018-16557
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-23893
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-490
value: HIGH

Trust: 0.6

IVD: 7d803931-463f-11e9-a595-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-126928
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16557
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-23893
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d803931-463f-11e9-a595-000c29342cb1
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-126928
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16557
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2018-16557
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2018-16557
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557 // NVD: CVE-2018-16557

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-126928 // JVNDB: JVNDB-2018-014531 // NVD: CVE-2018-16557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-490

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201811-490

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014531

PATCH

title:SSA-113131url:https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

Trust: 0.8

title:Siemens SIMATIC S7-400 input verification vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/145251

Trust: 0.6

title:Siemens SIMATIC S7-400 Fix for the input verification vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=86890

Trust: 0.6

sources: CNVD: CNVD-2018-23893 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490

EXTERNAL IDS

db:NVDid:CVE-2018-16557

Trust: 3.6

db:ICS CERTid:ICSA-18-317-02

Trust: 2.3

db:SIEMENSid:SSA-113131

Trust: 1.7

db:CNNVDid:CNNVD-201811-490

Trust: 0.9

db:CNVDid:CNVD-2018-23893

Trust: 0.8

db:JVNDBid:JVNDB-2018-014531

Trust: 0.8

db:BIDid:107309

Trust: 0.3

db:IVDid:7D803931-463F-11E9-A595-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-126928

Trust: 0.1

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // BID: 107309 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-317-02

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16557

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-16557

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // BID: 107309 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557

CREDITS

CNCERT/CC

Trust: 0.3

sources: BID: 107309

SOURCES

db:IVDid:7d803931-463f-11e9-a595-000c29342cb1
db:CNVDid:CNVD-2018-23893
db:VULHUBid:VHN-126928
db:BIDid:107309
db:JVNDBid:JVNDB-2018-014531
db:CNNVDid:CNNVD-201811-490
db:NVDid:CVE-2018-16557

LAST UPDATE DATE

2024-08-14T14:26:31.464000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-23893date:2018-12-14T00:00:00
db:VULHUBid:VHN-126928date:2023-01-10T00:00:00
db:BIDid:107309date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014531date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-490date:2023-05-10T00:00:00
db:NVDid:CVE-2018-16557date:2023-05-09T13:15:12.410

SOURCES RELEASE DATE

db:IVDid:7d803931-463f-11e9-a595-000c29342cb1date:2018-11-23T00:00:00
db:CNVDid:CNVD-2018-23893date:2018-11-23T00:00:00
db:VULHUBid:VHN-126928date:2018-12-13T00:00:00
db:BIDid:107309date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014531date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201811-490date:2018-11-15T00:00:00
db:NVDid:CVE-2018-16557date:2018-12-13T16:29:00.507