PT-2018-16568 · Siemens · Simatic S7-400 H
Published
2018-05-16
·
Updated
2019-10-09
·
CVE-2018-4850
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below
SIMATIC S7-400 (incl. F) CPU hardware version 5.0 with firmware versions less than V5.2
SIMATIC S7-400H CPU hardware version 4.5 and below
Description
A vulnerability has been identified that improperly validates S7 communication packets, which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.
Recommendations
For SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below, update to a version above 4.0 or apply a firmware update to address the issue.
For SIMATIC S7-400 (incl. F) CPU hardware version 5.0, update the firmware to V5.2 or later.
For SIMATIC S7-400H CPU hardware version 4.5 and below, update to a version above 4.5 to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic S7-400 H