CVE-2018-4843
Published: Mar 20, 2018
Modified: Aug 5, 2024
CVSS v3.1
6.5
Description
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.
| Vendor | Product | Versions |
|---|---|---|
Siemens | SIMATIC S7-400 CPU 414-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | SIMATIC S7-400 CPU 414F-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | SIMATIC S7-400 CPU 416-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | SIMATIC S7-400 CPU 416F-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | SIMATIC CP 343-1 (incl. SIPLUS variants) | affected All versions |
Siemens | SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) | affected All versions |
Siemens | SIMATIC CP 443-1 | affected All versions < V3.3 |
Siemens | SIMATIC CP 443-1 | affected All versions < V3.3 |
Siemens | SIMATIC CP 443-1 Advanced | affected All versions < V3.3 |
Siemens | SIMATIC ET 200pro IM154-8 PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIMATIC ET 200pro IM154-8F PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIMATIC ET 200pro IM154-8FX PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIMATIC ET 200S IM151-8 PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIMATIC ET 200S IM151-8F PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | affected All versions < V1.7.0 |
Siemens | SIMATIC S7-1500 Software Controller | affected All versions < V1.7.0 |
Siemens | SIMATIC S7-300 CPU 314C-2 PN/DP | affected All versions < V3.3.16 |
Siemens | SIMATIC S7-300 CPU 315-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 315F-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 315T-3 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 317-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 317F-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 317T-3 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 317TF-3 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 319-3 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-300 CPU 319F-3 PN/DP | affected All versions < V3.2.16 |
Siemens | SIMATIC S7-400 CPU 412-2 PN V7 | affected All versions < V7.0.3 |
Siemens | SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) | affected All versions < V6.0.9 |
Siemens | SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) | affected All versions < V6.0.7 |
Siemens | SIMATIC S7-410 CPU family (incl. SIPLUS variants) | affected All versions < V8.1 |
Siemens | SIMATIC WinAC RTX 2010 | affected All versions < V2010 SP3 |
Siemens | SIMATIC WinAC RTX F 2010 | affected All versions < V2010 SP3 |
Siemens | SINUMERIK 828D | affected All versions < V4.7 SP6 HF1 |
Siemens | SIPLUS ET 200S IM151-8 PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIPLUS ET 200S IM151-8F PN/DP CPU | affected All versions < V3.2.16 |
Siemens | SIPLUS NET CP 443-1 | affected All versions < V3.3 |
Siemens | SIPLUS NET CP 443-1 Advanced | affected All versions < V3.3 |
Siemens | SIPLUS S7-300 CPU 314C-2 PN/DP | affected All versions < V3.3.16 |
Siemens | SIPLUS S7-300 CPU 315-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIPLUS S7-300 CPU 315F-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIPLUS S7-300 CPU 317-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIPLUS S7-300 CPU 317F-2 PN/DP | affected All versions < V3.2.16 |
Siemens | SIPLUS S7-400 CPU 414-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | SIPLUS S7-400 CPU 416-3 PN/DP V7 | affected All versions < V7.0.3 |
Siemens | Softnet PROFINET IO for PC-based Windows systems | affected All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now