CVE-2016-9158

🗓️ 17 Dec 2016 03:34:00Reported by siemensType

CVE-2016-9158: Vulnerability in SIMATIC S7-300/400 CPUs allows remote attackers to cause defect mode via crafted packets on port 80/tcp. Cold restart required for recovery

Reporter	Title	Published	Views	Family All 13
Tenable Nessus	Siemens S7-400 Packet Handling Remote DOS	21 May 201900:00	–	nessus
Tenable Nessus	Siemens S7-300 Packet Handling Remote DOS	21 May 201900:00	–	nessus
Tenable Nessus	Siemens Simatic Improper Input Validation	8 Nov 201900:00	–	nessus
Tenable Nessus	Siemens S7-300/400 PLC (CVE-2016-9158)	7 Feb 202200:00	–	nessus
Tenable Nessus	Siemens S7-300/400 PLC (CVE-2016-9159)	7 Feb 202200:00	–	nessus
CNVD	SIMATIC S7-300 and S7-400 CPU Denial of Service Vulnerability	15 Dec 201600:00	–	cnvd
Cvelist	CVE-2016-9158	17 Dec 201603:34	–	cvelist
EUVD	EUVD-2016-9975	7 Oct 202500:30	–	euvd
ICS	Siemens S7-300/400 PLC Vulnerabilities (Update E)	10 Mar 202012:00	–	ics
NVD	CVE-2016-9158	17 Dec 201603:59	–	nvd

NVD

Node

siemens simatic_s7-300_cpu_firmwareMatch-

AND

siemens simatic_s7-300_cpu_312Match-

siemens simatic_s7-300_cpu_314Match-

siemens simatic_s7-300_cpu_315-2_dpMatch-

siemens simatic_s7-300_cpu_315-2_pn/dpMatch-

siemens simatic_s7-300_cpu_317-_2_dpMatch-

siemens simatic_s7-300_cpu_317-2_pn/dpMatch-

siemens simatic_s7-300_cpu_319-3_pn/dpMatch-

Node

siemens simatic_s7-400_cpu_firmwareMatch-

AND

siemens simatic_s7-400_cpu_412-1Match-

siemens simatic_s7-400_cpu_412-2Match-

siemens simatic_s7-400_cpu_412-2_pnMatch-

siemens simatic_s7-400_cpu_414-2Match-

siemens simatic_s7-400_cpu_414-3Match-

siemens simatic_s7-400_cpu_414-3_pn/dpMatch-

siemens simatic_s7-400_cpu_416-2Match-

siemens simatic_s7-400_cpu_416-3Match-

siemens simatic_s7-400_cpu_416-3_pn/dpMatch-

siemens simatic_s7-400_cpu_416f-2Match-

siemens simatic_s7-400_cpu_416f-3_pn/dpMatch-

siemens simatic_s7-400_cpu_417-4Match-

[
  {
    "product": "SIMATIC S7-300 CPU family",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-400 V6 and earlier CPU family",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-400 V7 CPU family",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
siemens	www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
securitytracker	www.securitytracker.com/id/1037434
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-16-348-05
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
securityfocus	www.securityfocus.com/bid/94820

02 Jun 2026 20:16Current

7.4High risk

Vulners AI Score7.4

CVSS 37.5

CVSS 27.8

CVSS 3.17.5

EPSS0.01146

SSVC

CWE-20