Details of VAR-201812-0392

ID

VAR-201812-0392

CVE

CVE-2018-16557

TITLE

plural SIMATIC Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014531

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input validation vulnerability exists in the Siemens SIMATIC S7-400. An attacker could exploit the vulnerability by sending a specially crafted packet to the TCP port 102. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.7

sources: NVD: CVE-2018-16557 // JVNDB: JVNDB-2018-014531 // CNVD: CNVD-2018-23893 // BID: 107309 // IVD: 7d803931-463f-11e9-a595-000c29342cb1 // VULHUB: VHN-126928

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-410	scope:	lt	version:	8.2.1	Trust: 1.8
vendor:	siemens	model:	simatic s7-400	scope:	lte	version:	v6.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 pn\/dp v7	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h	scope:	lte	version:	v4.5	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 pn/dp v7	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400	scope:	lte	version:	6	Trust: 0.8
vendor:	siemens	model:	simatic s7-400h v6	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400h	scope:	lte	version:	4.5	Trust: 0.8
vendor:	siemens	model:	s7-400	scope:	lte	version:	<=6	Trust: 0.6
vendor:	siemens	model:	s7-400 pn/dp	scope:	eq	version:	7	Trust: 0.6
vendor:	siemens	model:	s7-400h	scope:	lte	version:	<=4.5	Trust: 0.6
vendor:	siemens	model:	s7-400h	scope:	eq	version:	6	Trust: 0.6
vendor:	siemens	model:	s7-410	scope:	lt	version:	8.2.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-410	scope:	eq	version:	8.1	Trust: 0.3
vendor:	siemens	model:	simatic s7-410	scope:	eq	version:	8	Trust: 0.3
vendor:	siemens	model:	simatic s7-400h cpu	scope:	eq	version:	4.5	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 pn/dp	scope:	eq	version:	7	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 h	scope:	eq	version:	v60	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	6.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	5.2	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	5.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-410	scope:	ne	version:	8.2.1	Trust: 0.3
vendor:	simatic s7 400	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400 pn dp v7	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400h	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 410	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 400h v6	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // BID: 107309 // JVNDB: JVNDB-2018-014531 // NVD: CVE-2018-16557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-16557
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2018-16557
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-16557
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-23893
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-490
value:	HIGH
Trust: 0.6
IVD:	7d803931-463f-11e9-a595-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-126928
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-16557
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-23893
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d803931-463f-11e9-a595-000c29342cb1
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-126928
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-16557
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2018-16557
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2018-16557
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557 // NVD: CVE-2018-16557

PROBLEMTYPE DATA

problemtype:	CWE-347	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-126928 // JVNDB: JVNDB-2018-014531 // NVD: CVE-2018-16557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-490

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201811-490

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014531

PATCH

title:	SSA-113131	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf	Trust: 0.8
title:	SiemensSIMATICS7-400 input verification vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/145251	Trust: 0.6
title:	Siemens SIMATIC S7-400 Enter the fix for the verification vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=86890	Trust: 0.6

sources: CNVD: CNVD-2018-23893 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16557	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-317-02	Trust: 2.3
db:	SIEMENS	id:	SSA-113131	Trust: 1.7
db:	CNNVD	id:	CNNVD-201811-490	Trust: 0.9
db:	CNVD	id:	CNVD-2018-23893	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014531	Trust: 0.8
db:	BID	id:	107309	Trust: 0.3
db:	IVD	id:	7D803931-463F-11E9-A595-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-126928	Trust: 0.1

sources: IVD: 7d803931-463f-11e9-a595-000c29342cb1 // CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // BID: 107309 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-317-02	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16557	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16557	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-23893 // VULHUB: VHN-126928 // BID: 107309 // JVNDB: JVNDB-2018-014531 // CNNVD: CNNVD-201811-490 // NVD: CVE-2018-16557

CREDITS

CNCERT/CC

Trust: 0.3

sources: BID: 107309

SOURCES

db:	IVD	id:	7d803931-463f-11e9-a595-000c29342cb1
db:	CNVD	id:	CNVD-2018-23893
db:	VULHUB	id:	VHN-126928
db:	BID	id:	107309
db:	JVNDB	id:	JVNDB-2018-014531
db:	CNNVD	id:	CNNVD-201811-490
db:	NVD	id:	CVE-2018-16557

LAST UPDATE DATE

2024-08-14T14:26:31.464000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-23893	date:	2018-12-14T00:00:00
db:	VULHUB	id:	VHN-126928	date:	2023-01-10T00:00:00
db:	BID	id:	107309	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014531	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-490	date:	2023-05-10T00:00:00
db:	NVD	id:	CVE-2018-16557	date:	2023-05-09T13:15:12.410

SOURCES RELEASE DATE

db:	IVD	id:	7d803931-463f-11e9-a595-000c29342cb1	date:	2018-11-23T00:00:00
db:	CNVD	id:	CNVD-2018-23893	date:	2018-11-23T00:00:00
db:	VULHUB	id:	VHN-126928	date:	2018-12-13T00:00:00
db:	BID	id:	107309	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014531	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-490	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-16557	date:	2018-12-13T16:29:00.507