CVE-2018-13815Insufficient Resource Pool in Siemens Simatic S7-1500 Firmware

CWE-410Insufficient Resource PoolCWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 36.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Simatic S7-1500 Firmware
Timeline
PublishedDec 13
Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jwv4-wwvg-5p94: A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V22022-05-13
CVEList
CVE-2018-13815: A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V22018-12-13
CVE-2018-13815 — Insufficient Resource Pool in Siemens | cvebase