Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9159

Опубликовано: 17 дек. 2016
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\/dp:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\/dp:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00327
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200
CWE-200

Связанные уязвимости

github логотип

GHSA-xx5q-4wf5-7xrj

CVSS3: 5.9
github
больше 3 лет назад

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

EPSS

Процентиль: 55%
0.00327
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200
CWE-200