As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC, SIPLUS Products
- Vulnerability: Integer Overflow or Wraparound
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial-of-service condition by sending a specially crafted certificate.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
- SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions prior to v2.2
- SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All versions prior to v2.2
- SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): All versions prior to v2.9.7
- SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): All versions from v3.0.1 to v3.0.3
- SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): All versions prior to v2.9.7
- SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): All versions from v3.0.1 to v3.0.3
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to v21.9.7
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Versions 30.0.0 and prior
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions
- SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0): All versions prior to v2.9.7
- SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0): All versions prior to v3.0.3
- SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0): All versions prior to v2.9.7
- SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0): All versions prior to v3.0.3[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: