Siemens SIMATIC S7-400 (all versions) and S7-410 < 8.2.1 Multiple Connections DOS

high Nessus Network Monitor Plugin ID 720170

Synopsis

Siemens SIMATIC S7-400 and S7-410 are vulnerable to the denial-of-service (DOS) attack.

Description

A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf,https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02

Plugin Details

Severity: High

ID: 720170

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 11/13/2018

Vulnerability Publication Date: 11/13/2018

Reference Information

CVE: CVE-2018-16556