Improper input validation in Server applications

#VU11203 Improper input validation in Server applications

Published: 2018-03-20 | Updated: 2018-03-22

Vulnerability identifier: #VU11203

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4843

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vendor: Siemens

Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. An attacker that is located on the same Ethernet segment (OSI Layer 2) as the targeted device can respond to a PROFINET DCP request with a specially crafted PROFINET DCP packet and cause denial of service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SIMATIC S7-300: All versions

SIMATIC WinAC RTX 2010: All versions

SIMATIC S7-410: All versions

Softnet PROFINET IO for PC-based Windows systems: All versions

SINUMERIK 828D: All versions

SIMATIC S7-400 PN/DP V7: All versions

SIMATIC S7-400 PN/DP V6: All versions

SIMATIC S7-400 H: All versions

SIMATIC S7-1500 Software Controller: All versions

SIMATIC CP 443-1 Standard: All versions

SIMATIC CP 443-1 Advanced: All versions

SIMATIC CP 343-1 Standard: All versions

SIMATIC CP 343-1 Advanced: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Siemens SIMATIC, SINUMERIK, and PROFINET IO