ICSA-18-079-02
PUBLISHED
CVSS 6.5 MEDIUM
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial-of-service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available.
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0) | |
| | SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0) | |
| | SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) | |
| | SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) | |
| | SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) | |
| | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | |
| | SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) | |
| | SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) | |
| | SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0) | |
| | SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0) | |
| | SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) | |
| | SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0) | |
| | SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) | |
| | SIMATIC S7-1500 Software Controller | |
| | SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0) | |
| | SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) | |
| | SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0) | |
| | SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0) | |
| | SIMATIC CP 343-1 (incl. SIPLUS variants) | |
| | SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) | |
Timeline
- Mar 20, 2018 CVE Published
- May 9, 2023 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-592007.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-592007.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-592007.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-079-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-18-079-02 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109817938/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109752685/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109474874 fix
- https://support.industry.siemens.com/cs/ww/en/view/109474550 fix
- https://support.industry.siemens.com/cs/ww/en/view/109476571 fix
- https://support.industry.siemens.com/cs/ww/en/view/109478459/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109478528/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109765109/ fix
…and 15 more