CVE-2018-13805 — Uncontrolled Resource Consumption in Siemens Simatic S7-1500 Firmware

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-1500 Firmware Siemens Simatic S7-1500f Firmware Siemens AG Simatic ET 200sp Open Controller +3 more

Timeline

PublishedOct 10

Latest updateMay 14

Description

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and = V2.0 and = V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5siemens_ag/simatic_et_200sp_open_controllerAll versions >= V2.0 and < V2.1.6

▶NVDsiemens/simatic_et_200sp_firmware

▶CVEListV5siemens_ag/simatic_s7-1500_software_controllerAll versions >= V2.0 and < V2.5

▶NVDsiemens/simatic_s7-1500_firmware2.0 — 2.5

▶NVDsiemens/simatic_s7-1500f_firmware2.0 — 2.5

🔴Vulnerability Details

GHSA

GHSA-mxvx-9h7h-6vxh: A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2↗2022-05-14

▶

CVEList

CVE-2018-13805: A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2↗2018-10-10

▶