CVE-2016-8562

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

CVSS v3 7.5 HIGH
CVSS v2.0 3.5 LOW

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/94436	Broken Link Third Party Advisory VDB Entry
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf	Broken Link Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf	Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

History

24 Jul 2024, 14:26

Type	Values Removed	Values Added
First Time		Siemens siplus Net Cp 1543-1 Firmware Siemens siplus Net Cp 1543-1
CPE	cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:::::::*	cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:::::::* cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:::::::: cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware::::::::
CVSS	v2 : ~~3.5~~ v3 : ~~5.3~~	v2 : 3.5 v3 : 7.5
CWE	~~CWE-20~~	NVD-CWE-noinfo
References	~~() http://www.securityfocus.com/bid/94436 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/94436 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf - Patch, Vendor Advisory~~	() http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf - Broken Link, Patch, Vendor Advisory
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf -~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf - Vendor Advisory
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 -~~	() https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 - Third Party Advisory, US Government Resource

Information

Published : 2016-11-18 21:59

Updated : 2024-07-24 14:26

NVD link : CVE-2016-8562

Mitre link : CVE-2016-8562

CVE.ORG link : CVE-2016-8562

JSON object : View

Products Affected

siemens

siplus_net_cp_1543-1_firmware
siplus_net_cp_1543-1
simatic_cp_1543-1
simatic_cp_1543-1_firmware

CWE

NVD-CWE-noinfo

7.5 /10