CVE-2015-8214

Name of the Vulnerable Software and Affected Versions SIMATIC NET CP 342-5 versions prior to not specified SIMATIC NET CP 343-1 Advanced versions prior to V3.0.44 SIMATIC NET CP 343-1 Lean versions prior to V3.1.1 SIMATIC NET CP 343-1 Standard versions prior to V3.1.1 SIMATIC NET CP 443-1 Advanced versions prior to V3.2.9 SIMATIC NET CP 443-1 Standard versions prior to V3.2.9 SIMATIC NET CP 443-5 Basic versions prior to not specified SIMATIC NET CP 443-5 Extended versions prior to not specified TIM 3V-IE / TIM 3V-IE Advanced versions prior to V2.6.0 TIM 3V-IE DNP3 versions prior to V3.1.0 TIM 4R-IE versions prior to V2.6.0 TIM 4R-IE DNP3 versions prior to V3.1.0

Description The issue concerns the access protection level enforcement in certain communication processors, which could allow unauthenticated users to perform administrative operations if network access is available and the configuration was stored on the corresponding CPUs. This could potentially be exploited via network access on port 102/TCP.

Recommendations For SIMATIC NET CP 342-5, update to a version that fixes this issue, as the current version is not specified. For SIMATIC NET CP 343-1 Advanced, update to version V3.0.44 or later. For SIMATIC NET CP 343-1 Lean, update to version V3.1.1 or later. For SIMATIC NET CP 343-1 Standard, update to version V3.1.1 or later. For SIMATIC NET CP 443-1 Advanced, update to version V3.2.9 or later. For SIMATIC NET CP 443-1 Standard, update to version V3.2.9 or later. For SIMATIC NET CP 443-5 Basic, update to a version that fixes this issue, as the current version is not specified. For SIMATIC NET CP 443-5 Extended, update to a version that fixes this issue, as the current version is not specified. For TIM 3V-IE / TIM 3V-IE Advanced, update to version V2.6.0 or later. For TIM 3V-IE DNP3, update to version V3.1.0 or later. For TIM 4R-IE, update to version V2.6.0 or later. For TIM 4R-IE DNP3, update to version V3.1.0 or later.