Siemens SIMATIC S7 400 Firmware 6.0.0 < 6.0.3 Denial of Service Vulnerability

high Nessus Network Monitor Plugin ID 136

Description

Siemens SIMATIC S7 400 programmable logic controllers (PLCs) versions 6.0.1 and 6.0.2 for specific model families are vulnerable to a Denial of Service (DoS) via specially crafted packets. Successful exploitation causes the CPU to default into defect mode and the PLC will need to be manually reset to return to normal operation. SIMATIC V5 PN CPUs are also vulnerable but no update exists as this version has reached end-of-life and has been discontinued.

Plugin Details

Severity: High

ID: 136

Family: SCADA

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Reference Information

CVE: CVE-2012-3016

Detections

Analytics