| |
 Vulnerabilities for 'Simatic s7-300 firmware'
CWE-20
|
A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
|
|
CWE-20
|
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.
|
|
CWE-noinfo
|
A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions < V8.2.1), SIMATIC S7-300 (All versions < V3.X.16), SIMATIC S7-1200 (All versions < V4.2.3), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP IM155-5 PN HF (All versions < V4.2), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN HF (All versions < V4.2.0), SIMATIC ET 200SP IM155-6 PN HA (All versions < V1.1.0), SIMATIC ET 200SP IM155-6 PN BA (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions), SIMATIC ET 200SP IM155-6 PN HS (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF6), SINAMICS DCP w. PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 prior to V4.7 w. PN (All versions < V4.7), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.7 SP1 w. PN (All versions), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions < V4.2.0), SIMOCODE pro V PROFINET (All versions < V2.1.1), SIRIUS Soft Starter 3RW44 PN (All versions), SIMOCODE pro V EIP (All versions < V1.0.2). Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually.
|
|
CWE-20
|
A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a Denial-of-Service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.
|
|
CWE-20
|
SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
