PT-2018-2789 · Siemens · Siplus Net Cp 443-1 Advanced+30
Published
2018-03-20
·
Updated
2023-05-09
·
CVE-2018-4843
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SIMATIC S7-400 CPU 414-3 PN/DP V7 versions prior to V7.0.3
SIMATIC S7-400 CPU 414F-3 PN/DP V7 versions prior to V7.0.3
SIMATIC S7-400 CPU 416-3 PN/DP V7 versions prior to V7.0.3
SIMATIC S7-400 CPU 416F-3 PN/DP V7 versions prior to V7.0.3
SIMATIC CP 343-1 (incl. SIPLUS variants) (affected versions not specified)
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (affected versions not specified)
SIMATIC CP 443-1 versions prior to V3.3
SIMATIC CP 443-1 Advanced versions prior to V3.3
SIMATIC ET 200pro IM154-8 PN/DP CPU versions prior to V3.2.16
SIMATIC ET 200pro IM154-8F PN/DP CPU versions prior to V3.2.16
SIMATIC ET 200pro IM154-8FX PN/DP CPU versions prior to V3.2.16
SIMATIC ET 200S IM151-8 PN/DP CPU versions prior to V3.2.16
SIMATIC ET 200S IM151-8F PN/DP CPU versions prior to V3.2.16
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions prior to V1.7.0
SIMATIC S7-1500 Software Controller versions prior to V1.7.0
SIMATIC S7-300 CPU 314C-2 PN/DP versions prior to V3.3.16
SIMATIC S7-300 CPU 315-2 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 315F-2 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 315T-3 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 317-2 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 317F-2 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 317T-3 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 317TF-3 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 319-3 PN/DP versions prior to V3.2.16
SIMATIC S7-300 CPU 319F-3 PN/DP versions prior to V3.2.16
SIMATIC S7-400 CPU 412-2 PN V7 versions prior to V7.0.3
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) versions prior to V6.0.9
SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) versions prior to V6.0.7
SIMATIC S7-410 CPU family (incl. SIPLUS variants) versions prior to V8.1
SIMATIC WinAC RTX 2010 versions prior to V2010 SP3
SIMATIC WinAC RTX F 2010 versions prior to V2010 SP3
SINUMERIK 828D versions prior to V4.7 SP6 HF1
SIPLUS ET 200S IM151-8 PN/DP CPU versions prior to V3.2.16
SIPLUS ET 200S IM151-8F PN/DP CPU versions prior to V3.2.16
SIPLUS NET CP 443-1 versions prior to V3.3
SIPLUS NET CP 443-1 Advanced versions prior to V3.3
SIPLUS S7-300 CPU 314C-2 PN/DP versions prior to V3.3.16
SIPLUS S7-300 CPU 315-2 PN/DP versions prior to V3.2.16
SIPLUS S7-300 CPU 315F-2 PN/DP versions prior to V3.2.16
SIPLUS S7-300 CPU 317-2 PN/DP versions prior to V3.2.16
SIPLUS S7-300 CPU 317F-2 PN/DP versions prior to V3.2.16
SIPLUS S7-400 CPU 414-3 PN/DP V7 versions prior to V7.0.3
SIPLUS S7-400 CPU 416-3 PN/DP V7 versions prior to V7.0.3
Softnet PROFINET IO for PC-based Windows systems (affected versions not specified)
Description
The issue is related to insufficient input validation, which could allow an attacker to cause a denial of service condition by responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet. The attacker must be located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.
Recommendations
SIMATIC S7-400 CPU 414-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIMATIC S7-400 CPU 414F-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIMATIC S7-400 CPU 416-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIMATIC S7-400 CPU 416F-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIMATIC CP 343-1 (incl. SIPLUS variants): At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants): At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SIMATIC CP 443-1 versions prior to V3.3: Update to version V3.3 or later.
SIMATIC CP 443-1 Advanced versions prior to V3.3: Update to version V3.3 or later.
SIMATIC ET 200pro IM154-8 PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC ET 200pro IM154-8F PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC ET 200pro IM154-8FX PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC ET 200S IM151-8 PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC ET 200S IM151-8F PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions prior to V1.7.0: Update to version V1.7.0 or later.
SIMATIC S7-1500 Software Controller versions prior to V1.7.0: Update to version V1.7.0 or later.
SIMATIC S7-300 CPU 314C-2 PN/DP versions prior to V3.3.16: Update to version V3.3.16 or later.
SIMATIC S7-300 CPU 315-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 315F-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 315T-3 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 317-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 317F-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 317T-3 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 317TF-3 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 319-3 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-300 CPU 319F-3 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIMATIC S7-400 CPU 412-2 PN V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) versions prior to V6.0.9: Update to version V6.0.9 or later.
SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) versions prior to V6.0.7: Update to version V6.0.7 or later.
SIMATIC S7-410 CPU family (incl. SIPLUS variants) versions prior to V8.1: Update to version V8.1 or later.
SIMATIC WinAC RTX 2010 versions prior to V2010 SP3: Update to version V2010 SP3 or later.
SIMATIC WinAC RTX F 2010 versions prior to V2010 SP3: Update to version V2010 SP3 or later.
SINUMERIK 828D versions prior to V4.7 SP6 HF1: Update to version V4.7 SP6 HF1 or later.
SIPLUS ET 200S IM151-8 PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS ET 200S IM151-8F PN/DP CPU versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS NET CP 443-1 versions prior to V3.3: Update to version V3.3 or later.
SIPLUS NET CP 443-1 Advanced versions prior to V3.3: Update to version V3.3 or later.
SIPLUS S7-300 CPU 314C-2 PN/DP versions prior to V3.3.16: Update to version V3.3.16 or later.
SIPLUS S7-300 CPU 315-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS S7-300 CPU 315F-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS S7-300 CPU 317-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS S7-300 CPU 317F-2 PN/DP versions prior to V3.2.16: Update to version V3.2.16 or later.
SIPLUS S7-400 CPU 414-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
SIPLUS S7-400 CPU 416-3 PN/DP V7 versions prior to V7.0.3: Update to version V7.0.3 or later.
Softnet PROFINET IO for PC-based Windows systems: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 343-1
Simatic Cp 343-1 Advanced
Simatic Cp 443-1
Simatic Cp 443-1 Advanced
Simatic Et 200S Im151-8F Pn/Dp Cpu
Simatic Et 200Pro Im154-8F Pn/Dp Cpu
Simatic S7-1500 Cpu
Simatic S7-1500 Software Controller
Simatic S7-300 Cpu 314C-2 Pn/Dp
Simatic S7-300 Cpu 315F-2 Pn/Dp
Simatic S7-300 Cpu 315T-3 Pn/Dp
Simatic S7-300 Cpu 317F-2 Pn/Dp
Simatic S7-300 Cpu 317Tf-3 Pn/Dp
Simatic S7-300 Cpu 319F-3 Pn/Dp
Simatic S7-400 Cpu 412-2 Pn V7
Simatic S7-400 Cpu 414F-3 Pn/Dp V7
Simatic S7-400 Cpu 416-3 Pn/Dp V7
Simatic S7-400 H V6 Cpu
Simatic S7-400 Pn/Dp V6
Simatic S7-410 Cpu
Simatic Winac Rtx 2010
Sinumerik 828D
Siplus Et 200S Im151-8F Pn/Dp Cpu
Siplus Net Cp 443-1
Siplus Net Cp 443-1 Advanced
Siplus S7-300 Cpu 314C-2 Pn/Dp
Siplus S7-300 Cpu 315-2 Pn/Dp
Siplus S7-300 Cpu 317-2 Pn/Dp
Siplus S7-400 Cpu 414-3 Pn/Dp V7
Siplus S7-400 Cpu 416-3 Pn/Dp V7
Softnet Profinet Io For Pc-Based Windows Systems