VDB

CVE-2018-4843

CVE-2018-4843 PUBLISHED CVSS 6.099999904632568 MEDIUM

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.

EPSS 0.25% · 48.7th percentile

Risk Scores

CVSS 2.0
6.099999904632568
EPSS Score
0.25%
48.7th percentile

Affected Products

VendorProductVersions
siemenssinumerik_828d_firmware
siemenssimatic_winac_rtx_2010_firmware
siemenssimatic_s7-400_h_v6_firmware
siemenssimatic_s7-410_firmware0
siemenssimatic_s7-300_firmware
siemenssimatic_cp_443-1_firmware
siemenssimatic_cp_343-1_firmware
siemenssimatic_s7-400_pn\/dp_v6_firmware0
siemenssimatic_s7-1500_firmware0
siemenssimatic_s7-400_pn\/dp_v7_firmware
siemenssoftnet_pn-io_linux_firmware

Timeline

  • Mar 20, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›