CVE-2015-8214

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.

Se ha identificado una vulnerabilidad en SIMATIC NET CP 342-5 (incl. variantes de SIPLUS) (Todas las versiones), SIMATIC NET CP 343-1 Advanced (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.0.44), SIMATIC NET CP 343-1 Lean (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.1.1). variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 343-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0.44) SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-5 Basic (incl. variantes SIPLUS) (Todas las versiones), SIMATIC NET CP 443-5 Extended (Todas las versiones), TIM 3V-IE / TIM 3V-IE Advanced (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2. 6.0), TIM 3V-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0), TIM 4R-IE (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2.6.0), TIM 4R-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0). La aplicación del nivel de protección de acceso implementado en los procesadores de comunicación (CP) afectados podría permitir a usuarios no autentificados realizar operaciones administrativas en los CP si el acceso a la red (puerto 102/TCP) está disponible y la configuración de los CP se almacenó en sus correspondientes CPU

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-11-16 CVE Reserved
2015-11-27 CVE Published
2024-08-06 CVE Updated
2025-04-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/78345	Vdb Entry
http://www.securitytracker.com/id/1034279	Vdb Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf	2021-04-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Simatic Cp 443-1 Firmware Search vendor "Siemens" for product "Simatic Cp 443-1 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 443-1 Search vendor "Siemens" for product "Simatic Cp 443-1"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Cp 443-1 Firmware Search vendor "Siemens" for product "Simatic Cp 443-1 Firmware"	*	advanced	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 443-1 Search vendor "Siemens" for product "Simatic Cp 443-1"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Tim 4r-ie Firmware Search vendor "Siemens" for product "Simatic Tim 4r-ie Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Tim 4r-ie Search vendor "Siemens" for product "Simatic Tim 4r-ie"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Tim 4r-ie Firmware Search vendor "Siemens" for product "Simatic Tim 4r-ie Firmware"	*	dnp3	Affected	in	Siemens Search vendor "Siemens"	Simatic Tim 4r-ie Search vendor "Siemens" for product "Simatic Tim 4r-ie"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Cp 343-1 Firmware Search vendor "Siemens" for product "Simatic Cp 343-1 Firmware"	*	lean	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 343-1 Search vendor "Siemens" for product "Simatic Cp 343-1"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Cp 343-1 Firmware Search vendor "Siemens" for product "Simatic Cp 343-1 Firmware"	<= 3.0 Search vendor "Siemens" for product "Simatic Cp 343-1 Firmware" and version " <= 3.0"	advanced	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 343-1 Search vendor "Siemens" for product "Simatic Cp 343-1"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Firmware Search vendor "Siemens" for product "Simatic Tim 3v-ie Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Search vendor "Siemens" for product "Simatic Tim 3v-ie"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Firmware Search vendor "Siemens" for product "Simatic Tim 3v-ie Firmware"	-	advanced	Affected	in	Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Search vendor "Siemens" for product "Simatic Tim 3v-ie"	*	-	Safe
Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Firmware Search vendor "Siemens" for product "Simatic Tim 3v-ie Firmware"	-	dnp3	Affected	in	Siemens Search vendor "Siemens"	Simatic Tim 3v-ie Search vendor "Siemens" for product "Simatic Tim 3v-ie"	*	-	Safe