Headline

CVE-2018-4843

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (incl. F) (All versions < V1.7.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system.

The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system.

At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.

6 years ago

CVE

Open in Source

#vulnerability #windows #dos #pdf

%PDF-1.5 %�� 87 0 obj << /Length 2552 /Filter /FlateDecode >> stream x��[Ks�8��W�HV� ��8��<��٭�8��F��O��v�,J�,��F�C�� C�� M�q�vx��h��\’��Pb�N�sD1��ɗtPw�t��-�Y��~��r1�NA��G�W��l�Ug�W<=�~�rr><�� h�P��N��N�1��%�D8�<�’��QR@{�N�uB��kC&.�(M��dZI��+��0A�4f ��648�)�)5o�Ĕ"��3�"��j�u �?��#�1I�2��4%L�� 2��f��A��K��^7 ȩ}T�D�)�.�k�� w-#̣��L�t9��r�f�� i��Ch V��Êݮu�0�Us�Eq@��N ,%��Z��N�-#Lnl��t�\Ts��H)��>��]�,�LS��9��穅_�&�lpfOM�U�+"��R��’�(��4�߻�*�QZ�SN��Q��’�=ƈ{��?�*��Q�0�8�Q��Tu��ϋix�Y��%�,�aĶ�� �z�/��0Z��V�F,�fD�&m�3%[�LRY�F�Z#ӸH��?�^e��7�g��%’�tx��{��Y�$��_�LC0�;G�i5�M&�[��瀂p.�ooQP1��q�UG9�X�,��/3�"e #��Q}˫ z4[N��|2�eL�q�i쮪|�1��s"G{ 3��r�˰� ��ߋ�� 0.k�Up#��©?��t>�R�.CcZT��,��{È�q��g��e�U^ƹF�|��[T�tT,2�D��mn0�p�|9/�tV�~�|F?�o�[&]��i�*ʴ��pK#.x� � �>.B�<� �_D�<��Qx5��+BG��0�{?��:��1%�Bɀ�[��z��^ ��v�Ӫ�ߢN9��]�[)6��h��)��n�JӬK��p4��y��б�l[�?�)��5?�M��GT�7�+�F୆�ӯ��"<�w<��;/��pd�*�O��u�f+��؍�u��}1*��op_��;�k9��Ih��6�,G��

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago