Description
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.
Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.
PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected
devices to go into defect mode. Manual reboot is required to resume normal
operation.
Successful exploitation requires an attacker to be able to send specially
crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi
Point Interfaces (MPI). No user interaction and no user privileges are
required to exploit the security vulnerability. The vulnerability could allow
causing a denial of service condition of the core functionality of the CPU,
compromising the availability of the system.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | SIMATIC S7-400 CPU 412-1 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 412-2 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 414-2 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 414-3 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 414-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 414F-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 416-2 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 416-3 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 416-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 416F-2 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 416F-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 417-4 DP V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 CPU 412-2 PN V7 | unknown |
|
||||||
| Siemens | SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) | unknown |
|
||||||
| Siemens | SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) | unknown |
|
||||||
| Siemens | SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) | unknown |
|
||||||
| Siemens | SIMATIC S7-410 CPU family (incl. SIPLUS variants) | unknown |
|
||||||
| Siemens | SIPLUS S7-400 CPU 414-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIPLUS S7-400 CPU 416-3 PN/DP V7 | unknown |
|
||||||
| Siemens | SIPLUS S7-400 CPU 416-3 V7 | unknown |
|
||||||
| Siemens | SIPLUS S7-400 CPU 417-4 V7 | unknown |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2018-8363 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. |
References
History
No history.
Subscriptions
Siemens
Subscribe
Simatic S7-400
Subscribe
Simatic S7-400 Firmware
Subscribe
Simatic S7-400 Pn\/dp V7
Subscribe
Simatic S7-400 Pn\/dp V7 Firmware
Subscribe
Simatic S7-400h
Subscribe
Simatic S7-400h Firmware
Subscribe
Simatic S7-400h V6
Subscribe
Simatic S7-400h V6 Firmware
Subscribe
Simatic S7-410
Subscribe
Simatic S7-410 Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: siemens
Published:
Updated: 2024-08-05T10:24:32.865Z
Reserved: 2018-09-06T00:00:00.000Z
Link: CVE-2018-16556
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-13T16:29:00.477
Modified: 2024-11-21T03:52:58.407
Link: CVE-2018-16556
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses