Vulnerability identifier: #VU21932
Vulnerability risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
SINUMERIK 840D sl: Server applications / SCADA systems
SINUMERIK 828D: Server applications / SCADA systems
SIMATIC S7-400 PN/DP V7: Server applications / SCADA systems
CP1616: Server applications / SCADA systems
CP1604: Server applications / SCADA systems
SINAMICS SM120: Hardware solutions / Firmware
SINAMICS SL150: Hardware solutions / Firmware
SINAMICS S150: Hardware solutions / Firmware
SINAMICS S120: Hardware solutions / Firmware
SINAMICS S110: Hardware solutions / Firmware
SINAMICS GM150: Hardware solutions / Firmware
SINAMICS GL150: Hardware solutions / Firmware
SINAMICS GH150: Hardware solutions / Firmware
SINAMICS G150: Hardware solutions / Firmware
SINAMICS G130: Hardware solutions / Firmware
SINAMICS G120: Hardware solutions / Firmware
SINAMICS G110M: Hardware solutions / Firmware
SINAMICS DCP: Hardware solutions / Firmware
SINAMICS DCM: Hardware solutions / Firmware
SIMOTION Firmware: Hardware solutions / Firmware
SIMATIC WinAC RTX (F) 2010: Hardware solutions / Firmware
SIMATIC S7-400: Hardware solutions / Firmware
SIMATIC S7-300: Hardware solutions / Firmware
SIMATIC PN/PN Coupler: Hardware solutions / Firmware
SIMATIC ET 200pro: Hardware solutions / Firmware
SIMATIC ET 200ecoPN: Hardware solutions / Firmware
SIMATIC ET 200S: Hardware solutions / Firmware
SIMATIC ET 200M: Hardware solutions / Firmware
SCALANCE X-200 IRT: Hardware solutions / Routers & switches, VoIP, GSM, etc
Vendor: Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted packet, break the real-time synchronization of the affected installation and cause a denial-of-service condition on the target system.
Mitigation
Vulnerable software versions
SINUMERIK 840D sl: All versions
SINUMERIK 828D: All versions
SINAMICS SM120: All versions
SINAMICS SL150: All versions
SINAMICS S150: All versions
SINAMICS S120: All versions
SINAMICS S110: All versions
SINAMICS GM150: All versions
SINAMICS GL150: All versions
SINAMICS GH150: All versions
SINAMICS G150: All versions
SINAMICS G130: All versions
SINAMICS G120: All versions
SINAMICS G110M: All versions
SINAMICS DCP: All versions
SINAMICS DCM: All versions
SIMOTION Firmware: All versions
SIMATIC WinAC RTX (F) 2010: All versions
SIMATIC S7-400 PN/DP V7: All versions
SIMATIC S7-400: All versions
SIMATIC S7-300: All versions
SIMATIC PN/PN Coupler: All versions
SIMATIC ET 200pro: All versions
SIMATIC ET 200ecoPN: All versions
SIMATIC ET 200S: All versions
SIMATIC ET 200M: All versions
SCALANCE X-200 IRT: All versions
CP1616: 1.0 - 2.7.2
CP1604: 1.0 - 2.7.2
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-283-01
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.