CVE-2018-16556: CVE-2018-16556

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-16556

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Siemens SIMATIC S7-400 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens SIMATIC S7-400是德国西门子（Siemens）公司的一款用于制造和过程自动化领域的可编程逻辑控制器产品。 Siemens SIMATIC S7-400中存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响：Siemens S7-400 6及之前版本(包括F)，S7-400 PN/DP 7所有版本(包括F)，S7-400H 4.5及之前版本，S7-400H 6所有版本，S7-410 8.2.1之前版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	SIMATIC S7-400 CPU 412-1 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 412-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 414-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 414-3 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 414-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 414F-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 416-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416-3 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 416F-2 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 416F-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 CPU 417-4 DP V7	All versions	-
Siemens	SIMATIC S7-400 CPU 412-2 PN V7	All versions < V7.0.3	-
Siemens	SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)	All versions	-
Siemens	SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	All versions < V6.0.9	-
Siemens	SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	All versions	-
Siemens	SIMATIC S7-410 CPU family (incl. SIPLUS variants)	All versions < V8.2.1	-
Siemens	SIPLUS S7-400 CPU 414-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIPLUS S7-400 CPU 416-3 PN/DP V7	All versions < V7.0.3	-
Siemens	SIPLUS S7-400 CPU 416-3 V7	All versions	-
Siemens	SIPLUS S7-400 CPU 417-4 V7	All versions	-

II. Public POCs for CVE-2018-16556

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-16556

Please Login to view more intelligence information

New Vulnerabilities

Product: SIMATIC S7-400 CPU 412-1 DP V7

CVE-2018-16557
Siemens SIMATIC S7-400 数据伪造问题漏洞

Vendor: Siemens

Same weakness: CWE-20

V. Comments for CVE-2018-16556

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2018-16556

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-16556

III. Intelligence Information for CVE-2018-16556

New Vulnerabilities

V. Comments for CVE-2018-16556

Leave a comment