CVE-2016-8562
published 2016-11-18
Priority: P276 high · 7.5 (CVSS 3.1)
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2022-03-24
Exploited in the wild
EPSS: 3.62% (88.1th percentile)
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_cp_1543-1_firmware | < 2.0.28 | 2.0.28 |
| siemens | siplus_net_cp_1543-1_firmware | < 2.0.28 | 2.0.28 |
Detection & IOCs (extracted from sources)
- Monitor for unauthorized SNMP write requests (SET operations) to port 161/UDP targeting SIMATIC CP 1543-1 devices, as the vulnerability allows writing to read-only SNMP variables under special conditions.
- Flag any SNMP SET requests originating from non-TIA-Portal sources directed at SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) or SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) devices running firmware versions prior to v2.0.28.
- Exploitation requires 'special conditions' and is rated high attack complexity (AC:H), meaning opportunistic exploitation is less likely but targeted attacks against exposed SNMP ports remain a risk.
- No known public exploits specifically target this vulnerability as of advisory publication.
CVSS provenance
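| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| vulncheck | | 7.5 | HIGH | |
| cisa | | 7.5 | HIGH | |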
GHSA
GHSA-f87x-hp4c-9cvw: A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2
ghsa_unreviewed · 2022-05-13
CVE-2016-8562 [MEDIUM] CWE-20 GHSA-f87x-hp4c-9cvw: A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2
VulnCheck
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
vulncheck · 2016 · CVSS 7.5
CVE-2016-8562 [HIGH] CWE-20 Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.
Affected: Siemens SIMATIC CP
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-03-24
CISA
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
cisa · 2022-03-03 · CVSS 7.5
CVE-2016-8562 [HIGH] CWE-20 Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
Vulnerability: Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
Affected: Siemens SIMATIC CP
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-8562
Remediation Due Date: 2022-03-24
CISA ICS
Siemens SIMATIC CP 1543-1 (Update A)
cisa_ics · 2016-11-22 · CVSS 6.6
[MEDIUM] Siemens SIMATIC CP 1543-1 (Update A)
ICS Advisory
Last Revised: April 14, 2022
Alert Code: ICSA-16-327-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.6
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: SIMATIC CP 1543-1
- Vulnerability: Improper Input Validation, Improper Privilege Management
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-16-327-01 Siemens SIMATIC CP 1543-1 Vulnerabilities that was published November 22, 2016, on the ICS webpage on www.cisa.gov/uscert.
## 3. RISK EVALUATION
Successful exploitation of these vulner
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/94436
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8562
- 2016-11-18: Published
- 2022-03-03: Added to CISA KEV
- Exploited in the wild