PT-2019-4789 · Siemens · Simatic S7-1500 Cpu

Artem Zinenko · Published 2019-01-08 · Updated 2019-04-18 · CVE-2018-16559

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SIMATIC S7-1500 CPU versions V2.0 through V2.5
SIMATIC S7-1500 CPU versions V1.8.5 and earlier

Description

A vulnerability has been identified that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device by sending specially crafted network packets to port 80/tcp or 443/tcp. The security vulnerability could be exploited by an attacker with network access to the affected systems on these ports. Successful exploitation requires no system privileges and no user interaction, allowing an attacker to compromise the availability of the device. The vulnerability is related to insufficient input data validation. At the time of advisory publication, no public exploitation of this security vulnerability was known.

Recommendations

For SIMATIC S7-1500 CPU versions V2.0 through V2.5, restrict access to ports 80/tcp and 443/tcp to minimize the risk of exploitation. For SIMATIC S7-1500 CPU versions V1.8.5 and earlier, restrict access to ports 80/tcp and 443/tcp to minimize the risk of exploitation. As a temporary workaround, consider implementing network access controls to limit the ability of attackers to send specially crafted network packets to the affected systems.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-01367
CVE-2018-16559

Affected Products

Simatic S7-1500 Cpu