Siemens CP 1604 and CP 1616 Interface Cards < 2.5.2 Improper Access Control

critical Nessus Network Monitor Plugin ID 720031

Synopsis

The Siemens CP 1604 and CP 1616 interface cards allow remote attackers to execute arbitrary code.

Description

The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

http://ics-cert.us-cert.gov/pdf/ICSA-13-084-01.pdf,http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf,https://ics-cert.us-cert.gov/advisories/ICSA-13-084-01

Plugin Details

Severity: Critical

ID: 720031

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 3/25/2013

Vulnerability Publication Date: 3/25/2013

Reference Information

CVE: CVE-2013-0659