PT-2017-9449 · Siemens · Siemens Eta4

Adam Crain

Published

2017-02-13

Updated

2017-03-14

CVE-2016-7987

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Siemens ETA4 firmware versions prior to Revision 08

Description The issue allows specially crafted packets sent to Port 2404/TCP to cause the affected device to go into defect mode, resulting in a Denial-of-Service. A cold start might be required to recover the system.

Recommendations For versions prior to Revision 08, update the firmware to Revision 08 or later to resolve the issue. As a temporary workaround, consider restricting access to Port 2404/TCP to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2016-7987

Affected Products

Siemens Eta4

PT-2017-9449 · Siemens · Siemens Eta4

CVE-2016-7987

Weakness Enumeration

Related Identifiers

Affected Products

References · 4