CVE-2016-8562

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC CP 1543-1 versions prior to V2.0.28 SIPLUS NET CP 1543-1 versions prior to V2.0.28

Description A vulnerability has been identified in the software, related to improper privilege management and insufficient input validation. Under special conditions, it is possible to write SNMP variables on port 161/udp, which should be read-only and only configured with TIA-Portal. This could reduce availability or cause a denial-of-service. An attacker could exploit this vulnerability by sending specially crafted packets to port 161/udp, potentially leading to a denial-of-service.

Recommendations For Siemens SIMATIC CP 1543-1 versions prior to V2.0.28, update to version V2.0.28 or later to resolve the issue. For SIPLUS NET CP 1543-1 versions prior to V2.0.28, update to version V2.0.28 or later to resolve the issue. As a temporary workaround, consider restricting access to port 161/udp to minimize the risk of exploitation.