PT-2018-2483 · Siemens · Simatic S7-1500 Incl. F (+2 more products)

Published: 2018-10-09 · Updated: 2019-03-21 · CVE-2018-13805

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC ET 200SP Open Controller versions 2.0 through 2.1.5
SIMATIC S7-1500 Software Controller versions 2.0 through 2.4
SIMATIC S7-1500 incl. F versions 2.0 through 2.4

Description

A vulnerability has been identified that allows an attacker to cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. This could lead to the PLC losing its ability to communicate over the network, compromising the availability of network connectivity. The vulnerability can be exploited by an attacker with network access to the affected systems, requiring no privileges and no user interaction. At the time of advisory publication, no public exploitation of this vulnerability was known.

Recommendations

For SIMATIC ET 200SP Open Controller versions 2.0 through 2.1.5, update to version 2.1.6 or later.
For SIMATIC S7-1500 Software Controller versions 2.0 through 2.4, update to version 2.5 or later.
For SIMATIC S7-1500 incl. F versions 2.0 through 2.4, update to version 2.5 or later.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2019-00767
CVE-2018-13805

Affected Products

Simatic Et 200Sp Open Controller
Simatic S7-1500 Software Controller
Simatic S7-1500 Incl. F