7.8
CVE-2016-9158
- EPSS 1.15%
- Published 17.12.2016 03:59:00
- Last modified 12.04.2025 10:46:40
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Simatic S7-300 Cpu Firmware Version-
Siemens ≫ Simatic S7-300 Cpu 312 Version-
Siemens ≫ Simatic S7-300 Cpu 314 Version-
Siemens ≫ Simatic S7-300 Cpu 315-2 Dp Version-
Siemens ≫ Simatic S7-300 Cpu 317- 2 Dp Version-
Siemens ≫ Simatic S7-300 Cpu 314 Version-
Siemens ≫ Simatic S7-300 Cpu 315-2 Dp Version-
Siemens ≫ Simatic S7-300 Cpu 317- 2 Dp Version-
Siemens ≫ Simatic S7-400 Cpu Firmware Version-
Siemens ≫ Simatic S7-400 Cpu 412-1 Version-
Siemens ≫ Simatic S7-400 Cpu 412-2 Version-
Siemens ≫ Simatic S7-400 Cpu 412-2 Pn Version-
Siemens ≫ Simatic S7-400 Cpu 414-2 Version-
Siemens ≫ Simatic S7-400 Cpu 414-3 Version-
Siemens ≫ Simatic S7-400 Cpu 416-2 Version-
Siemens ≫ Simatic S7-400 Cpu 416-3 Version-
Siemens ≫ Simatic S7-400 Cpu 416f-2 Version-
Siemens ≫ Simatic S7-400 Cpu 417-4 Version-
Siemens ≫ Simatic S7-400 Cpu 412-2 Version-
Siemens ≫ Simatic S7-400 Cpu 412-2 Pn Version-
Siemens ≫ Simatic S7-400 Cpu 414-2 Version-
Siemens ≫ Simatic S7-400 Cpu 414-3 Version-
Siemens ≫ Simatic S7-400 Cpu 416-2 Version-
Siemens ≫ Simatic S7-400 Cpu 416-3 Version-
Siemens ≫ Simatic S7-400 Cpu 416f-2 Version-
Siemens ≫ Simatic S7-400 Cpu 417-4 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.15% | 0.765 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.