CVE-2016-8562
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones < V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones < V2.0.28). En condiciones especiales era posible escribir variables SNMP en el puerto 161/udp que deberían ser de sólo lectura y sólo deberían configurarse con TIA-Portal. Una escritura en estas variables podría reducir la disponibilidad o causar una denegación de servicio
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-07 CVE Reserved
- 2016-11-18 CVE Published
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-07-25 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- First Exploit
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94436 | Broken Link | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | 2024-07-24 |
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | 2024-07-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Simatic Cp 1543-1 Firmware Search vendor "Siemens" for product "Simatic Cp 1543-1 Firmware" | < 2.0.28 Search vendor "Siemens" for product "Simatic Cp 1543-1 Firmware" and version " < 2.0.28" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Cp 1543-1 Search vendor "Siemens" for product "Simatic Cp 1543-1" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Siplus Net Cp 1543-1 Firmware Search vendor "Siemens" for product "Siplus Net Cp 1543-1 Firmware" | < 2.0.28 Search vendor "Siemens" for product "Siplus Net Cp 1543-1 Firmware" and version " < 2.0.28" | - |
Affected
| in | Siemens Search vendor "Siemens" | Siplus Net Cp 1543-1 Search vendor "Siemens" for product "Siplus Net Cp 1543-1" | - | - |
Safe
|