CVE-2018-16558

EPSS 1.33%
Published 17.04.2019 14:29:03
Last modified 21.11.2024 03:52:58
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic S7-1500 Firmware Version <= 1.8.5

Siemens ≫ Simatic S7-1500 Version-

Siemens ≫ Simatic S7-1500 Firmware Version >= 2.0 < 2.5

Siemens ≫ Simatic S7-1500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.33%	0.781

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16558

EUVD