Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9158

Опубликовано: 17 дек. 2016
Источник: nvd
CVSS3: 7.5
CVSS2: 7.8
EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\/dp:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01146
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-pmf4-x4c5-385f

CVSS3: 7.5
github
больше 3 лет назад

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.

EPSS

Процентиль: 78%
0.01146
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-20