Vulnerability Details : CVE-2016-2200
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2016-2200
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:*:*:*:*:*:*:*:*When used together with: Siemens » Simatic S7-1511-1 Pn CpuWhen used together with: Siemens » Simatic S7-1511c-1 Pn CpuWhen used together with: Siemens » Simatic S7-1511f-1 Pn CpuWhen used together with: Siemens » Simatic S7-1512c-1 Pn CpuWhen used together with: Siemens » Simatic S7-1513-1 Pn CpuWhen used together with: Siemens » Simatic S7-1513f-1 Pn CpuWhen used together with: Siemens » Simatic S7-1515-2 Pn CpuWhen used together with: Siemens » Simatic S7-1515f-2 Pn CpuWhen used together with: Siemens » Simatic S7-1516-3 Pn/dp CpuWhen used together with: Siemens » Simatic S7-1516f-3 Pn/dp CpuWhen used together with: Siemens » Simatic S7-1517-3 Pn/dp CpuWhen used together with: Siemens » Simatic S7-1517f-3 Pn/dp CpuWhen used together with: Siemens » Simatic S7-1518-4 Pn/dp CpuWhen used together with: Siemens » Simatic S7-1518f-4 Pn/dp Cpu
Exploit prediction scoring system (EPSS) score for CVE-2016-2200
0.78%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-2200
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2200
-
http://www.securitytracker.com/id/1034954
Siemens SIMATIC S7-1500 CPU Controller Bugs Let Remote Users Bypass Replay Security Mechanisms and Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02
Siemens SIMATIC S7-1500 CPU Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/83106
Siemens SIMATIC S7-1500 CVE-2016-2200 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf
-
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf
Vendor Advisory
Jump to