Siemens SIMATIC S7-400 (all versions) and S7-410 < 8.2.1 Multiple Packets DOS

high Nessus Network Monitor Plugin ID 720171

Synopsis

Siemens SIMATIC S7-400 and S7-410 are vulnerable to a denial-of-service (DoS) attack.

Description

A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions), SIMATIC S7-410 (All versions < V8.2.1). Sending specially crafted packets to port 102/tcp via the Ethernet interface, or via PROFIBUS or Multi Point Interfaces (MPI), could cause a denial-of-service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via the Ethernet interface, or to be able to send messages to the device via PROFIBUS or Multi Point Interfaces (MPI). No user interaction is required. The vulnerability could allow an attacker to cause a denial-of-service condition in the core functionality of the CPU, compromising the availability of the system.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02

Plugin Details

Severity: High

ID: 720171

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 11/13/2018

Vulnerability Publication Date: 11/13/2018

Reference Information

CVE: CVE-2018-16557