CNVD-2015-07864 — Vulnetix

CNVD-2015-07864 PUBLISHED

Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1是通信机模块。 Siemens SIMATIC CP 343-1 Advanced 设备3.0.44之前版本, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, CP 443-1 Advanced在访问保护层的实现上存在安全漏洞，允许未经身份验证的远程攻击者利用此漏洞通过TCP端口102上的会话获取管理员访问权限。

Affected Products

Vendor	Product	Versions
	Siemens SIMATIC CP 343-1 Advanced devices <3.0.44
	Siemens TIM 4R-IE devices
	Siemens TIM 3V-IE Advanced devices
	Siemens TIM 4R-IE DNP3 devices
	Siemens TIM 3V-IE devices
	Siemens CP 343-1 Lean devices
	Siemens CP 443-1 devices
	Siemens CP 343-1 devices
	Siemens CP 443-1 Advanced devices
	Siemens TIM 3V-IE DNP3 devices

Timeline

Nov 30, 2015 CVE ID Reserved
Dec 1, 2015 CVE Published

References

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf url

Open in Interactive Console →