Siemens SIMATIC S7 1500 Firmware < 1.8.3 Multiple Vulnerabilities

Severity: Medium | Nessus Network Monitor Plugin ID 133

Synopsis

A vulnerable Siemens SIMATIC S7 1500 programmable logic controller (PLC) has been detected.

Description

Siemens SIMATIC S7 1500 programmable logic controllers (PLCs) running firmware earlier than version 1.8.3 are vulnerable to a denial-of-service (DoS) condition, a transition to STOP mode, triggered by a specially crafted packet sent to TCP port 102. An attacker can also bypass a replay protection mechanism via packets sent to TCP port 102.

Solution

Update the S7 1500 firmware to 1.8.3 or later.

Plugin Details

Severity: Medium

ID: 133

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.8.2

Patch Publication Date: 2/8/2016

Vulnerability Publication Date: 2/8/2016

Reference Information

CVE: CVE-2016-2200

BID: 83106