PT-2016-5774 · Siemens · Simatic S7-300

Amund Sole

Publicado

2016-06-27

Atualizado

2020-02-10

CVE-2016-3949

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC S7-300 Profinet-enabled CPU devices versions prior to 3.2.12 Siemens SIMATIC S7-300 Profinet-disabled CPU devices versions prior to 3.3.12

Description The issue allows remote attackers to cause a denial of service, resulting in a defect-mode transition. This can be achieved via crafted packets, specifically (1) ISO-TSAP or (2) Profibus packets.

Recommendations For Siemens SIMATIC S7-300 Profinet-enabled CPU devices versions prior to 3.2.12, update the firmware to version 3.2.12 or later. For Siemens SIMATIC S7-300 Profinet-disabled CPU devices versions prior to 3.3.12, update the firmware to version 3.3.12 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2016-3949

Produtos afetados

Simatic S7-300

PT-2016-5774 · Siemens · Simatic S7-300

CVE-2016-3949

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6