
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). This vulnerability could allow an attacker to cause a denial-of-service condition of the core functionality of the CPU, compromising the availability of the system. CVE-2018-4850 has been assigned to this vulnerability. No user interaction or privileges are required to exploit the security vulnerability.

Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and multi-point interfaces (MPI).
This updated advisory is a follow-up to the original advisory titled ICSA-18-137-03 Siemens SIMATIC S7-400 CPU that was published May 17, 2018, on the NCCIC/ICS-CERT website.

Successful exploitation of this vulnerability could cause a denial-of-service condition of the CPU. The CPU will remain in DEFECT mode until a manual restart is performed.

The following versions of SIMATIC S7-400, a CPU used for process controls, are affected:
F) CPU all hardware versions prior to, including, hardware v4.0,
F) CPU hardware v5.0 with firmware versions prior to v5.2, and
SIMATIC S7-400H CPU all hardware versions prior to v4.5

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER INPUT VALIDATION CWE-20

The affected CPUs improperly validate S7 communication packets, which could cause a denial-of-service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

ATTENTION: Exploitable remotely/low skill level to exploit.
Vulnerability: Improper Input Validation.
