CVE-2018-16557Improper Verification of Cryptographic Signature in Siemens Simatic S7-400h Firmware

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
7.5HIGHNVD
CNA8.2
EPSS
0.1%
top 73.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
Siemens Simatic S7-400h FirmwareSiemens Simatic S7-410 FirmwareSiemens Simatic S7-400 Firmware+21 more
Timeline
PublishedDec 13
Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), S

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages24 packages

CVEListV5siemens/simatic_s7-410_cpu_familyAll versions < V8.2.1
CVEListV5siemens/simatic_s7-400_h_v6_cpu_familyAll versions < V6.0.9

🔴Vulnerability Details

2
GHSA
GHSA-5wjq-9mm7-ccm8: A vulnerability has been identified in SIMATIC S7-400 (incl2022-05-13
CVEList
CVE-2018-16557: A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CP2018-12-13
CVE-2018-16557 — Siemens vulnerability | cvebase