目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CVE-2018-16557— Siemens SIMATIC S7-400 数据伪造问题漏洞

CVSS 8.2 · High EPSS 0.82% · P52
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2018-16557 基础信息

漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
密码学签名的验证不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Siemens SIMATIC S7-400 数据伪造问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Siemens SIMATIC S7-400是德国西门子(Siemens)公司的一款用于制造和过程自动化领域的可编程逻辑控制器产品。 Siemens SIMATIC S7-400中存在数据伪造问题漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响:Siemens S7-400 6及之前版本(包括F),S7-400 PN/DP 7所有版本(包括F),S7-400H 4.5及之前版本,S7-400H 6所有版本,S7-410 8.2.1之前版本。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
SiemensSIMATIC S7-400 CPU 412-1 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 412-2 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 414-2 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 414-3 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 414-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIMATIC S7-400 CPU 416-2 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 416-3 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 416-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIMATIC S7-400 CPU 416F-2 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 416F-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIMATIC S7-400 CPU 417-4 DP V7 All versions -
SiemensSIMATIC S7-400 CPU 412-2 PN V7 All versions < V7.0.3 -
SiemensSIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) All versions -
SiemensSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) All versions < V6.0.9 -
SiemensSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) All versions -
SiemensSIMATIC S7-410 CPU family (incl. SIPLUS variants) All versions < V8.2.1 -
SiemensSIPLUS S7-400 CPU 414-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIPLUS S7-400 CPU 416-3 PN/DP V7 All versions < V7.0.3 -
SiemensSIPLUS S7-400 CPU 416-3 V7 All versions -
SiemensSIPLUS S7-400 CPU 417-4 V7 All versions -

二、漏洞 CVE-2018-16557 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2018-16557 的情报信息

登录查看更多情报信息。

CVE-2018-16557 厂商安全公告 (1)

IV. Related Vulnerabilities

Same product: SIMATIC S7-400 CPU 412-1 DP V7
Same vendor: Siemens
Same weakness: CWE-347

V. Comments for CVE-2018-16557

暂无评论

发表评论