CVE-2018-4832

Name of the Vulnerable Software and Affected Versions OpenPCS 7 versions V7.1 through V8.2, V9.0 through V9.0 Upd1 SIMATIC BATCH versions V7.1 through V8.2, V9.0 through V9.0 SP1 SIMATIC NET PC Software versions V14 through V14 SP1 Update 14, V15 through 15 SP1 SIMATIC PCS 7 versions V7.1 through V8.2, V9.0 through V9.0 SP1 SIMATIC Route Control versions V7.1 through V9.0 SIMATIC WinCC Runtime Professional versions V13 through V13 SP2 Upd2, V14 through V14 SP1 Upd5 SIMATIC WinCC versions V7.2 through WinCC 7.2 Upd 15, V7.3 through WinCC 7.3 Upd 16, V7.4 through V7.4 SP1 Upd 4 SPPA-T3000 Application Server versions prior to Service Pack R8.2 SP2

Description The issue exists due to insufficient input validation in the affected products, allowing a remote attacker to cause a Denial-of-Service condition by sending specially crafted messages to the RPC service. This can affect both remote and local communication functionality, requiring a system reboot to recover. The attacker must have network access to the Application Server to exploit this issue. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations For OpenPCS 7 versions V7.1 through V8.2 and V9.0 through V9.0 Upd1, update to a version outside of the affected range. For SIMATIC BATCH versions V7.1 through V8.2 and V9.0 through V9.0 SP1, update to a version outside of the affected range. For SIMATIC NET PC Software versions V14 through V14 SP1 Update 14 and V15 through 15 SP1, update to a version outside of the affected range. For SIMATIC PCS 7 versions V7.1 through V8.2 and V9.0 through V9.0 SP1, update to a version outside of the affected range. For SIMATIC Route Control versions V7.1 through V9.0, update to a version outside of the affected range. For SIMATIC WinCC Runtime Professional versions V13 through V13 SP2 Upd2 and V14 through V14 SP1 Upd5, update to a version outside of the affected range. For SIMATIC WinCC versions V7.2 through WinCC 7.2 Upd 15, V7.3 through WinCC 7.3 Upd 16, and V7.4 through V7.4 SP1 Upd 4, update to a version outside of the affected range. For SPPA-T3000 Application Server versions prior to Service Pack R8.2 SP2, update to Service Pack R8.2 SP2 or later.