CVE-2016-9158 — Improper Input Validation in AG Simatic S7-300 CPU Family

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens AG Simatic S7-300 CPU Family Siemens AG Simatic S7-400 PN DP V6 AND Below CPU Family Siemens AG Simatic S7-400 PN DP V7 CPU Family +2 more

Timeline

PublishedDec 17

Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affect…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5siemens_ag/simatic_s7-400_v6_and_earlier_cpu_familyAll versions

▶CVEListV5siemens_ag/simatic_s7-400_pn_dp_v6_and_below_cpu_familyAll versions

▶CVEListV5siemens_ag/simatic_s7-300_cpu_familyAll versions

▶CVEListV5siemens_ag/simatic_s7-400_v7_cpu_familyAll versions

▶CVEListV5siemens_ag/simatic_s7-400_pn_dp_v7_cpu_familyAll versions

🔴Vulnerability Details

GHSA

GHSA-pmf4-x4c5-385f: A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl↗2022-05-13

▶

CVEList

CVE-2016-9158: A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl↗2016-12-17

▶