CVE-2018-4850

Опубликовано: 16 мая 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

Ссылки

http://www.securityfocus.com/bid/104217
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf
Vendor Advisory
https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications
Vendor Advisory
http://www.securityfocus.com/bid/104217
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf
Vendor Advisory
https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublications
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*

Версия до 4.0 (включая)

cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*

Версия до 5.2 (исключая)

cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:siemens:simatic_s7-400h_firmware:*:*:*:*:*:*:*:*

Версия до 4.5 (включая)

cpe:2.3:h:siemens:simatic_s7-400h:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00511

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9c5r-829c-7rjc

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 66%

0.00511

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo