7.5

CVE-2016-8562

Warning

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

Data is provided by the National Vulnerability Database (NVD)
SiemensSimatic Cp 1543-1 Firmware Version < 2.0.28
   SiemensSimatic Cp 1543-1 Version-
SiemensSiplus Net Cp 1543-1 Firmware Version < 2.0.28
   SiemensSiplus Net Cp 1543-1 Version-

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

Vulnerability

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 14.58% 0.94
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
http://www.securityfocus.com/bid/94436
Third Party Advisory
Broken Link
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
Third Party Advisory
US Government Resource