Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-13805
HistoryOct 10, 2018 - 5:29 p.m.

CVE-2018-13805

2018-10-1017:29:04
CWE-400
[email protected]
web.nvd.nist.gov
35
vulnerability
denial-of-service
simatic
plc
network stack
nvd
cve-2018-13805

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known.

Affected configurations

NVD
Node
siemenssimatic_et_200sp_firmwareRange2.0
AND
siemenssimatic_et_200spMatch-
Node
siemenssimatic_s7-1500_firmwareRange2.02.5
AND
siemenssimatic_s7-1500Match-
Node
siemenssimatic_s7-1500f_firmwareRange2.02.5
AND
siemenssimatic_s7-1500fMatch-

CNA Affected

[
  {
    "product": "SIMATIC ET 200SP Open Controller",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.0 and < V2.1.6"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 Software Controller",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.0 and < V2.5"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 incl. F",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.0 and < V2.5"
      }
    ]
  }
]

Related

nessus 2
cvelist 1
prion 1
ics 1
nvd 1
nessus
nessus
Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP OpenController Improper Input Validation (CVE-2018-13805)
2022-02-07 00:00:00
Siemens Simatic Uncontrolled Resource Consumption
2019-11-08 00:00:00
cvelist
cvelist
CVE-2018-13805
2018-10-10 17:00:00
prion
prion
Design/Logic Flaw
2018-10-10 17:29:00
ics
ics
Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP OpenController (Update A)
2019-02-12 12:00:00
nvd
nvd
CVE-2018-13805
2018-10-10 17:29:04

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON
Related for CVE-2018-13805
nessus2cvelist1prion1ics1nvd1